Single Quote Error

Question:

When I insert single quote in search box and press search button it gives error like:

<blockquote>

[Microsoft][SQL Server Native Client 10.0][SQL Server]Unclosed quotation mark after the character string ' '.

</blockquote>

Answer1:

You should be using <a href="http://www.enterprisedb.com/documentation/dotnet-parameterizedqueries.html" rel="nofollow">parameterized queries</a> instead of constructing your SQL by concatenation.

This will avoid <a href="http://en.wikipedia.org/wiki/SQL_injection" rel="nofollow">SQL Injection attacks</a> as well as resolve any single quote issues.

The quick fix is to escape the ' by doubling it (''), but this would just be a temporary workaround and your code will still be vulnerable.

Answer2:

Parameterize your SQL queries. There are more serious issues than this called <a href="http://en.wikipedia.org/wiki/SQL_injection" rel="nofollow">SQL Injection</a>.
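To make the point of Answer1 and Answer2 concrete, here is an added example (not code from the question or either answer) that runs the same search three ways: concatenated as in the question, with the doubled-quote workaround, and parameterized. It assumes a constructed vendors table in an in-memory SQLite database so it runs offline; the question's real database is SQL Server, where the same `?` placeholder style works through pyodbc with the SQL Server Native Client driver.

```python
import sqlite3

# Constructed sample data: the question's search box sits in front of SQL Server,
# but an in-memory SQLite database is used here so the example runs offline.
ROWS = [("Bob's Bikes",), ("Alice Autos",), ("O'Neil Oils",)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vendors (name TEXT)")
    conn.executemany("INSERT INTO vendors VALUES (?)", ROWS)
    return conn


def search_concat(conn, term):
    # The pattern behind the error in the question: the user's text is pasted
    # straight into the SQL string, so a ' inside it ends the literal early.
    sql = "SELECT name FROM vendors WHERE name LIKE '%" + term + "%'"
    return [r[0] for r in conn.execute(sql)]


def search_escaped(conn, term):
    # Answer1's quick fix: double each ' so the database reads it as a literal
    # quote. It stops this error, but the SQL is still built from user text.
    safe_term = term.replace("'", "''")
    sql = "SELECT name FROM vendors WHERE name LIKE '%" + safe_term + "%'"
    return [r[0] for r in conn.execute(sql)]


def search_param(conn, term):
    # Parameterized: the term never touches the SQL text. The driver passes it
    # as data, so quotes in it cannot change the statement's structure.
    sql = "SELECT name FROM vendors WHERE name LIKE ?"
    return [r[0] for r in conn.execute(sql, ("%" + term + "%",))]


def demo(term):
    """Return (concat_result, escaped_result, param_result) for one search term.

    concat_result is None when the concatenated query fails to parse, which is
    SQLite's counterpart of SQL Server's "Unclosed quotation mark" error.
    """
    conn = make_db()
    try:
        concat = search_concat(conn, term)
    except sqlite3.OperationalError:
        concat = None
    return concat, search_escaped(conn, term), search_param(conn, term)


if __name__ == "__main__":
    for term in ("Alice", "'", "O'Neil"):
        print(repr(term), "->", demo(term))
```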

Answer3:

You need to escape single quotes, like \', as you're using single quotes to surround where-statements, like where i = 'foo'; then you need to write where i = '\'' to match a single quote, or like where i = 'it\'s a good day today'
