Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!eternal-september.org!feeder.eternal-september.org!mx04.eternal-september.org!.POSTED!not-for-mail
From: Gene Wirchenko <genew@ocis.net>
Newsgroups: comp.databases.ms-sqlserver,microsoft.public.sqlserver.programming
Subject: Escape Characters in Strings
Date: Tue, 21 Aug 2012 15:39:00 -0700
Organization: A noiseless patient Spider
Lines: 21
Message-ID: <n03838l2qs18qe540g4fe6j3stemkeo5pr@4ax.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Info: mx04.eternal-september.org; posting-host="c0a6a1dc41fc92eb7000e57afbd16211"; logging-data="13251"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19tntn4y9WU4pifLG/SYD1mSDigaFyCmZg="
X-Newsreader: Forte Agent 4.2/32.1118
Cancel-Lock: sha1:zcB3ZHMjk3aQ1wHGKMBZ31gGMdg=
Xref: csiph.com comp.databases.ms-sqlserver:1224

Dear SQLers:

     Does SQL Server have any string escape characters besides
doubling of quotation marks as in
          'This is a single quotation mark('').'
          "This is a double quotation mark("")."
I will have text which could contain both.

     While I am at it, I want to handle any other special character
sequences.

     I am referring to plain string values as would be stored in a
column, not LIKE strings, etc.

     Why, yes, I am sanitising input.  It is from a Web browser so I
do not see how I can avoid using sanitising.  If there is such a
solution, please let me know.

Sincerely,

Gene Wirchenko