Stored Procedure & Quotes!

I have a log in stored procedure. If some one was to enter a word containing
an apostrophe, i understandably get an error.
So i did the typical replace one quote with two. With standard sql
statements this often is the remedy.
In this case however i am still getting a syntax error. How do i deal with
apostrophe's in store procedure paremeters?

Thanks to all who respond!!!

eg:
EXEC do_login @account_name=dfsdf''s, @account_password=dsafsd

AJ

Re: Stored Procedure & Quotes!

On Sun, 17 Oct 2004 10:57:26 +1000, "Anthony Judd"
wrote:

>I have a log in stored procedure. If some one was to enter a word containing
>an apostrophe, i understandably get an error.
>So i did the typical replace one quote with two. With standard sql
>statements this often is the remedy.
>In this case however i am still getting a syntax error. How do i deal with
>apostrophe's in store procedure paremeters?

That would mostly depend on how you needed to treat them and what you
were doing with the data. Escaping them with a second single quote
works as far as code goes, but if your data shouldn't have quotes then
don't accept them to pass to the SP.

Jeff

Re: Stored Procedure & Quotes!

Anthony Judd wrote:
> I have a log in stored procedure. If some one was to enter a word
> containing an apostrophe, i understandably get an error.
> So i did the typical replace one quote with two. With standard sql
> statements this often is the remedy.
> In this case however i am still getting a syntax error. How do i deal
> with apostrophe's in store procedure paremeters?
>
> Thanks to all who respond!!!
>
> eg:
> EXEC do_login @account_name=dfsdf''s, @account_password=dsafsd
>
> AJ
Use parameters instead of dynamic sql. Then you won'r have to worry about
dealing with delimiters, or sql injection:

http://tinyurl.com/jyy0

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"