Save apostrophe in sql field

Is there a simple way of saving an apostrophe in an sql field? eg…

"O'Kelly","O'Brian" or "Bob's bike"

Have you tried this? (air code):

"O\'Kelly","O\'Brian" or "Bob\'s bike"

In many cases, the backslash acts as an escape character.

Since you’re asking about how to escape apostrophe’s, you may want to read up on sql injection attacks.

Basically any field that you don’t have 100% control over you need to escape out. It’s a pretty trivial process but imagine if your user entered the name of their business as “Drop Table;” and you saved that to your server.

If you’re using sqllite then parameterized queries is one method, see this:

In php you use: mysqli_real_escape_string…
Java has another method…

Also see: PHP MySQLi Prepared Statements Tutorial to Prevent SQL Injection

John

The backslash didn’t seem to work for me.

Thanks for the input everyone.

So far I’m doing this…


Function SafeSQL(s)
‘console.log(“SafeSQL:” & s)
SafeSQL = encodeURIComponent(Replace(s,"’","|*|"))
End Function


Function UnSafeSQL(s)
‘console.log(“UnSafeSQL:” & s)
UnSafeSQL = Replace(decodeURIComponent(s),"|*|","’")
End Function

Tip : If you’re pasting code, html or config files, surround the code with triple back ticks (```), before the first line and after the last one. It will be formatted properly. (We fixed it for you this time)