SQL Escape ' '

星月不相逢 2021-01-12 22:49

I am trying to run a query in SQL 2008 by doing:

    @query varchar(max)

    SET @query = 'SELECT * FROM Table WHERE [Name] = ' 'Karl' ' '

    EXEC(@query)
         


        
7 Answers
  •  無奈伤痛
    2021-01-12 23:27

    This works:

    create table #demo([Name] varchar(max))
    insert into #demo([Name]) values('''Karl''')
    insert into #demo([Name]) values('Karl')
    declare @query varchar(max)
    set @query = 'SELECT * FROM #demo WHERE [Name] = ''''''Karl'''''''
    EXEC(@query)
    

    Output:

    'Karl'
    

    But if 'Karl' is variable text, it's highly recommended to use something like this instead:

    declare @query nvarchar(max)
    declare @param varchar(max)
    set @param = N'''Karl'''
    set @query = N'SELECT * FROM #demo WHERE [Name] = @param'
    exec sp_executesql @query, N'@param varchar(max)', @param
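
The difference between concatenating a value into dynamic SQL and passing it as a parameter, as the answer above recommends, shows up as soon as the value contains an apostrophe. The following T-SQL is an added example, not part of the original answer; the table `#people`, the variables `@name`, `@sql` and `@p`, and the sample rows are constructed for illustration.

```sql
-- Constructed sample data; #people is an illustrative temp table.
CREATE TABLE #people ([Name] varchar(100));
INSERT INTO #people ([Name]) VALUES ('Karl');
INSERT INTO #people ([Name]) VALUES ('O''Brien');
INSERT INTO #people ([Name]) VALUES ('''Karl''');

DECLARE @name varchar(100);
DECLARE @sql  nvarchar(max);
SET @name = 'O''Brien';   -- the stored value has one embedded apostrophe

-- 1) Naive concatenation: the apostrophe inside the value closes the
--    string literal early, so the statement text itself is changed.
SET @sql = N'SELECT [Name] FROM #people WHERE [Name] = ''' + @name + N'''';
PRINT @sql;               -- inspect the statement that will be executed
BEGIN TRY
    EXEC (@sql);
END TRY
BEGIN CATCH
    PRINT 'concatenated query failed: ' + ERROR_MESSAGE();
END CATCH;

-- 2) Manual escaping: double every apostrophe before concatenating.
--    Correct here, but every call site has to remember to do it.
SET @sql = N'SELECT [Name] FROM #people WHERE [Name] = '''
         + REPLACE(@name, '''', '''''') + N'''';
PRINT @sql;
EXEC (@sql);

-- 3) Parameterized: the statement text is constant and the value is
--    bound separately, so no escaping of the value is needed at all.
SET @sql = N'SELECT [Name] FROM #people WHERE [Name] = @p';
EXEC sp_executesql @sql, N'@p varchar(100)', @p = @name;

-- The same statement also matches the row that stores its own quotes.
SET @name = '''Karl''';
EXEC sp_executesql @sql, N'@p varchar(100)', @p = @name;

DROP TABLE #people;
```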
    
