Single Quote Marks in a SQL Query

Single Quote Marks in a SQL Query

Question:
I have built several pages that use VBScript to pull information from a Microsoft Access database. My problem is that if a user tries to use a single quote ‘ in the form supplied, SQL blows up because of an unterminated single quote mark in the query string. Is there a way to encapsulate the single quote?

Answer:
Single quotes are kind of a pain when trying to mix SQL with ASP. In general, the best way to set up your queries is to make sure that the string that you retrieve doesn’t contain a single quote (yeah, that does sound rather obvious, but in this case it disguises a layer of complexity). One way I’ve found around it is to create a SAFESTRING function. Before passing an expression up to the server through ADO or similar mechanism, I will use the VBScript Replace function to catch both single and double quotes, and replace them with placeholders:

 function MakeSafeString(expr)   expr=replace(expr,chr(34),"#DBLQUOTE#")   expr=replace(expr,"'","#SNGQUOTE#")   SaveString=exprend function

This will turn the expression:

This isn't the "only" solution

into

This is#SNGQUOTE#t the #DBLQUOTEonly#DBLQUOTE# solution

The ConvertSafeString() function takes a safe string pulled from a database query and converts it back into its previous form:

function ConvertSafeString(safeExpr)    expr=Replace(safeExpr,"#SNGQUOTE#","'")    expr=Replace(expr,"#DBLQUOTE#",chr(34))    ConvertSafeString=exprend function

You could also create a version that will save the expression out to HTML safe forms (double quotes become ” while single quotes become ‘ ).

Share the Post:
XDR solutions

The Benefits of Using XDR Solutions

May 24, 2023

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

May 23, 2023

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

May 22, 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

May 17, 2023

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

May 16, 2023

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

ransomware cyber attack

Why Is Ransomware Such a Major Threat?

May 15, 2023

One of the most significant cyber threats faced by modern organizations is a ransomware attack. Ransomware attacks have grown in both sophistication and frequency over the past few years, forcing

data dictionary

Tools You Need to Make a Data Dictionary

May 12, 2023

Data dictionaries are crucial for organizations of all sizes that deal with large amounts of data. they are centralized repositories of all the data in organizations, including metadata such as

Show More