Two tips for dealing with single quotes in SQL Server

Use SQL statements frequently when dealing with databases, unless you are all bound by controls, but there are drawbacks to using control bindings in the form of poor flexibility, inefficiency, weak functionality, and so on. As a result, most programmers rarely or rarely use this binding approach. In the case of non binding, many programmers overlook the special handling of single quotes. Once the variables of the query condition of the SQL statement appear in single quotes, the database engine complains that the SQL syntax is incorrect, and I find that there are two ways to solve and deal with this single quote (in VB example).

Method One: Use the escape character to process the SQL statement. The following function can be invoked before executing the SQL statement, and the result of the processing will produce the correct knot

Fruit.

Function processstr (str as String)

Dim Pos as Integer

Dim Stedest as String

pos = InStr (str, "'")

While POS > 0

str = Mid (str, 1, POS) & "'" & Mid (str, POS + 1)

pos = INSTR (pos + 2, str, "'")

Wend

PROCESSSTR = str

End Function

Where the str parameter is your SQL string. Once the function finds a single quotation mark in the string, it is preceded by a single quote.

Method Two: Using the parameters in the data object. You can use the Adodb.command object to pass strings that contain single quotes to the command, and then perform a search

Inquiries, etc. can be done.

The above two methods are compared, the method increases the system processing time, the method two succinct, the efficiency, if uses the stored procedure, then passes the parameter to the stored procedure, the stored procedure is precompiled, thus the system efficiency is higher.