0

I have VB.net website. Somewhere I have used Update Query which has no errors in terms of syntax but suppose If user has selected some symbolic values like below

UPDATE Table SET Column = ''A'-wing' Where ID = '123'

So here in column the value 'A'-wing has quote which result to syntax error in my query. How do I avoid users option related error in query?

  • 2
    Possible duplicate of [How do I escape special characters in MySQL?](http://stackoverflow.com/questions/881194/how-do-i-escape-special-characters-in-mysql) – Iwo Kucharski May 09 '16 at 06:45

1 Answers1

0

You have to escape your quotes by adding a backslash in front of them. Change your query to this:

UPDATE Table SET Column = '\'A\'-wing' Where ID = '123'

For more informations about this, check the official documentation here.

Aurasphere
  • 3,841
  • 12
  • 44
  • 71
  • Query I am not parsing manually. User selects the values & if such symbol occurred in selection then only error comes. –  May 09 '16 at 07:00
  • I don't get what's the problem. Can't you add a check if the table name contains quotes and escape them? – Aurasphere May 09 '16 at 07:53