To escape ' you simly need to put another before: ''
As the second answer shows it’s possible to escape single quote like this:
select 'it''s escaped'
result will be
it's escaped
If you’re concatenating SQL into a VARCHAR to execute (i.e. dynamic SQL), then I’d recommend parameterising the SQL. This has the benefit of helping guard against SQL injection plus means you don’t have to worry about escaping quotes like this (which you do by doubling up the quotes).
e.g. instead of doing
DECLARE @SQL NVARCHAR(1000) SET @SQL = 'SELECT * FROM MyTable WHERE Field1 = ''AAA''' EXECUTE(@SQL)
try this:
DECLARE @SQL NVARCHAR(1000) SET @SQL = 'SELECT * FROM MyTable WHERE Field1 = @Field1' EXECUTE sp_executesql @SQL, N'@Field1 VARCHAR(10)', 'AAA'
Related Posts:
- What characters do I need to escape in XML documents?
- Illegal Escape Character “\”
- What characters must be escaped in HTML 5?
- How can I selectively escape percent (%) in Python strings?
- How do I escape a single quote in jQuery?
- How to escape apostrophe (‘) in MySql?
- Should HTML output be passed through esc_html() AND wp_kses()?
- How to prevent escaping when saving HTML code in an option value?
- How to correctly escape query variables to be used in WP_Query
- esc_attr / esc_html / esc_url in echos
- When do I need to use esc_html()? [duplicate]
- what’s different between esc_attr, htmlspecialchars and htmlentities
- Allow all attributes in $allowedposttags tags
- When outputting a static string to the page, is it necessary to escape the output?
- How Flexible are the WordPress Coding Standards for PHPCS?
- why is esc_html() returning nothing given a string containing a high-bit character?
- How to properly escape a translated string?
- Translate a Constant while appeasing WordPress PHPCS
- Using esc_url() on a url more than once
- Do I need to escape get_theme_mod(‘url’) / (‘mail’) with esc_url?
- How to allow   with wp_kses()?
- Using esc_attr_e
- Why esc_html_() is not used on every text that has a translation (on Twenty Twenty One)?
- Escaping crashes my output
- How to safely escape the title attribute
- How to safely escape data that contains HTML attributes
- Can wp_strip_all_tags be used as a substitute for esc_url, esc_attr & esc_html?
- Echoing a URL to a link
- wp_kses_post escaping doesn’t appear to work as described?
- file_get_contents | escaping doesnt show the page
- Help about Escaping
- How to keep specific tag from an html string?
- Escaping Issues
- Escaping and Special Characters (e.g. &)
- Escaping get_option( ‘time_format’ ) is nesserary?
- What is a stored procedure?
- outputting ascii table in C++
- SQL Server: Difference between PARTITION BY and GROUP BY
- Conversion failed when converting date and/or time from character string while inserting datetime
- error, string or binary data would be truncated when trying to insert
- Rename column SQL Server 2008
- The SQL OVER() clause – when and why is it useful?
- What is the difference between char s[] and char *s?
- SQL Server Management Studio, how to get execution time down to milliseconds
- How do I escape a single quote in SQL Server?
- How Stuff and ‘For Xml Path’ work in SQL Server?
- How can I convert a character to a integer in Python, and viceversa?
- Understanding the difference between null and ‘\u000’ in Java
- How can I convert const char* to string and then back to char*?
- The multi-part identifier could not be bound
- How can I use modulo operator (%) in JavaScript?
- How to join two tables by multiple columns in SQL?
- Convert char* to string C++
- Sql Server string to date conversion
- Find all tables containing column with specified name – MS SQL Server
- Search text in stored procedure in SQL Server
- SQL Server IF NOT EXISTS Usage?
- How to join two tables by multiple columns in SQL?
- Comparing chars in Java
- What represents a double in sql server?
- How do I fix ‘Invalid character value for cast specification’ on a date column in flat file?
- SQL-Server: The backup set holds a backup of a database other than the existing
- SELECT DISTINCT on one column
- What does it mean to escape a string?
- Comparing the values of char arrays in C++
- vs shell installation has failed with exit code 1638
- Convert char array to single int?
- TSQL PIVOT MULTIPLE COLUMNS
- Microsoft OLE DB Provider for SQL Server error ‘80004005’
- Why do table names in SQL Server start with “dbo”?
- Invalid escape sequence (valid ones are \b \t \n \f \r \” \’ \\ )
- Equivalent of Oracle’s RowID in SQL Server
- Is there a Max function in SQL Server that takes two values like Math.Max in .NET?
- sql query to return differences between two tables
- Subtract one day from datetime
- How to get the ASCII value in JavaScript for the characters [duplicate]
- XOR in SQL Server
- Backup a single table with its data from a database in sql server 2008
- Temporary table in SQL server causing ‘ There is already an object named’ error
- What datatype should be used for storing phone numbers in SQL Server 2005?
- SQL WHERE.. IN clause multiple columns
- How do I check if a string contains a certain character?
- Filter data based on date in sql
- How to truncate string using SQL server
- “The transaction log for database is full due to ‘LOG_BACKUP'” in a shared host
- Escaping WP_Query tax_query when term has special character(s)
- Do I need to escape data passed to wp_localize_script()?
- esc_url not working within add_settings_field callback
- Prevent add_shortcode from escaping a tag
- Sanitizing comments or escaping comment_text()
- Prevent escaping javascript in visual editor
- Quotes being escaped inside wp_editor when saved with wp_kses_post
- Is it safe and good practice to use do_shortcode to escape?
- How to escape html generate by a loop
- Add HTML to Term Description
- Is there any solution, ide/tool etc., for automatic escaping for WordPress?
- How to correctly escape an echo
- Escaping a WPDB Object in One Shot
- Code auto escaping is not working when using short codes
- problem with quotes on new post