Results 1 to 4 of 4
  1. #1
    Join Date
    Mar 2005

    Unanswered: Building/Issueing a query with a field with a quote in it?

    Using a language that using A4GL to connect to the database. From within the language(COBOL) we have the ability to add a simple query. All is fine with one exception. Some of the fields might have a quote mark in it.
    we have a field in particular that a lot of our clients like to put an apostrophe in. such as 0001A'06, 2'11" and so on. Now from inside our programs and using the simple query we add something like 'where ap_id = '0001A'06' which i know is an error but is there a way around this or a way to make it work?

  2. #2
    Join Date
    Jun 2003
    Provided Answers: 1
    You can use REPLACE on the string to change each single quote to two single quotes (NOT the "double-quote" character). But is looks like you are using direct dynamic SQL, and that is an invitation to SQL injection security attacks.
    If it's not practically useful, then it's practically useless.

    blindman "sqlblindman"

  3. #3
    Join Date
    Mar 2005

    Thank you...

    That works all we have to do now is fix all of programs, (possible 800 or so).

    Thanks again...

  4. #4
    Join Date
    Nov 2002
    COBOL and SQL Server?

    It's an abomination I tells ya......

    It's a Great Day for America everybody!

    dbforums Yak CorralRadio 'Rita
    dbForums Member List
    I'm Good Once as I ever was

    The physical order of data in a database has no meaning.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts