DECLARE @SQL Varchar(Max)
DECLARE @DESCR Varchar(Max)
-- Customer enters description into @Descr
SET @SQL = 'Update TableName SET FieldName='''
+ @DESCR
+ ''' WHERE ID=123'
The problem is when the customer enters an apostrophe into the @Descr variable.
Q: In Microsoft SQL Server 2005, how do I replace all apostrophes with double apostrophes?
If this even needs to be dynamic SQL at all (the code you have shown doesn't) then use parameterised SQL and sp_executesql for this to avoid SQL injection possibilities.
DECLARE @SQL NVarchar(Max)
DECLARE @DESCR NVarchar(Max)
-- Customer enters description into @Descr
SET @SQL = 'Update TableName SET FieldName=@DESCR WHERE ID=123'
exec sp_executesql @SQL, N'@DESCR NVarchar(Max)', @DESCR =@DESCR
Not recommended for production, but will work.
SET @DESCR = REPLACE(@DESCR, '''', '''''')
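Added example (not from either answer above) that runs the concatenated statement from the question and the sp_executesql version side by side on a constructed value containing an apostrophe; the temporary table #TableName and its columns are hypothetical stand-ins for the question's TableName.

```sql
-- Constructed test fixture (hypothetical table, stands in for TableName)
CREATE TABLE #TableName (ID int PRIMARY KEY, FieldName nvarchar(max));
INSERT INTO #TableName (ID, FieldName) VALUES (123, N'original');

DECLARE @DESCR nvarchar(max);
DECLARE @SQL nvarchar(max);
SET @DESCR = N'Customer said: it''s fine';  -- constructed input containing an apostrophe

-- 1. Concatenation (the pattern in the question): the apostrophe closes the
--    string literal early, so the statement is malformed and fails at run time.
SET @SQL = N'UPDATE #TableName SET FieldName=''' + @DESCR + N''' WHERE ID=123';
PRINT @SQL;  -- UPDATE #TableName SET FieldName='Customer said: it's fine' WHERE ID=123
BEGIN TRY
    EXEC sp_executesql @SQL;
END TRY
BEGIN CATCH
    PRINT N'Concatenated statement failed: ' + ERROR_MESSAGE();  -- unclosed quotation mark
END CATCH;

-- 2. Parameterised (the first answer): the value is passed as a parameter and
--    never becomes part of the statement text, so it needs no quoting at all.
SET @SQL = N'UPDATE #TableName SET FieldName=@DESCR WHERE ID=123';
EXEC sp_executesql @SQL, N'@DESCR nvarchar(max)', @DESCR = @DESCR;

SELECT FieldName FROM #TableName WHERE ID = 123;  -- Customer said: it's fine

-- 3. If the value really must be spliced into the statement text, QUOTENAME with
--    a single-quote delimiter does the doubling of the second answer for you.
--    Caveat: its input is limited to 128 characters and it returns NULL beyond
--    that, so it cannot protect a Varchar(Max) description on its own.
SELECT QUOTENAME(N'it''s fine', '''') AS quoted;  -- 'it''s fine'

DROP TABLE #TableName;
```

The TRY/CATCH in step 1 only makes the failure visible in one batch; it is the parameterised form in step 2 that removes the quoting problem rather than catching it.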