Is there a simple way of saving an apostrophe in an sql field? eg…
"O'Kelly","O'Brian" or "Bob's bike"
Have you tried this? (air code):
"O\'Kelly","O\'Brian" or "Bob\'s bike"
In many cases, the backslash acts as an escape character.
Since you’re asking about how to escape apostrophe’s, you may want to read up on sql injection attacks.
Basically any field that you don’t have 100% control over you need to escape out. It’s a pretty trivial process but imagine if your user entered the name of their business as “Drop Table;” and you saved that to your server.
If you’re using sqllite then parameterized queries is one method, see this:
In php you use: mysqli_real_escape_string…
Java has another method…
The backslash didn’t seem to work for me.
Thanks for the input everyone.
So far I’m doing this…
Function SafeSQL(s)
‘console.log(“SafeSQL:” & s)
SafeSQL = encodeURIComponent(Replace(s,"’“,”|*|"))
End Function
Function UnSafeSQL(s)
‘console.log(“UnSafeSQL:” & s)
UnSafeSQL = Replace(decodeURIComponent(s),“|*|”,"’")
End Function
Tip : If you’re pasting code, html or config files, surround the code with triple back ticks (```), before the first line and after the last one. It will be formatted properly. (We fixed it for you this time)