To escape ' you simply need to put another before it: ''
As the second answer shows, it’s possible to escape a single quote like this:
select 'it''s escaped'
The result will be:
it's escaped
If you’re concatenating SQL into a VARCHAR to execute (i.e. dynamic SQL), then I’d recommend parameterising the SQL. This has the benefit of helping guard against SQL injection plus means you don’t have to worry about escaping quotes like this (which you do by doubling up the quotes).
e.g. instead of doing
DECLARE @SQL NVARCHAR(1000)
SET @SQL = 'SELECT * FROM MyTable WHERE Field1 = ''AAA'''
EXECUTE(@SQL)
try this:
DECLARE @SQL NVARCHAR(1000)
SET @SQL = 'SELECT * FROM MyTable WHERE Field1 = @Field1'
EXECUTE sp_executesql @SQL, N'@Field1 VARCHAR(10)', 'AAA'
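An added example, not part of the original answer, that runs both approaches on a value containing a single quote and also covers the case parameters cannot handle (a dynamic column name). The temp table #MyTable, its rows, and the @Input and @Column variables are constructed for illustration.

```sql
-- Constructed sample data: one value contains a single quote.
CREATE TABLE #MyTable (Field1 VARCHAR(20), Note VARCHAR(50));
INSERT INTO #MyTable (Field1, Note)
VALUES ('O''Brien', 'value with a quote'),
       ('AAA',      'plain value');

DECLARE @Input VARCHAR(20) = 'O''Brien';   -- the stored value is O'Brien
DECLARE @SQL   NVARCHAR(1000);

-- 1) Concatenated dynamic SQL: every quote in the value must be doubled
--    by hand, otherwise the literal ends early and the rest of the value
--    is parsed as SQL text.
SET @SQL = N'SELECT Field1, Note FROM #MyTable WHERE Field1 = '''
         + REPLACE(@Input, '''', '''''') + N'''';
EXECUTE (@SQL);

-- 2) Parameterised dynamic SQL: the value travels as data, separate from
--    the statement text, so no doubling is needed and the quote cannot
--    change the shape of the query.
SET @SQL = N'SELECT Field1, Note FROM #MyTable WHERE Field1 = @Field1';
EXECUTE sp_executesql @SQL, N'@Field1 VARCHAR(20)', @Field1 = @Input;

-- 3) Identifiers (table or column names) cannot be passed as parameters.
--    When one has to be dynamic, wrap it with QUOTENAME so it is always
--    treated as a single bracketed identifier, and keep the value
--    parameterised as before.
DECLARE @Column SYSNAME = N'Field1';       -- hypothetical caller-chosen column
SET @SQL = N'SELECT ' + QUOTENAME(@Column)
         + N' FROM #MyTable WHERE Field1 = @Field1';
EXECUTE sp_executesql @SQL, N'@Field1 VARCHAR(20)', @Field1 = @Input;

DROP TABLE #MyTable;
```

All three statements return the O'Brien row; only the first depends on the caller remembering to double the quote.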