Inserting a string 'india's' into a sql database

Question

I have a table xyz(name varchar(200)) i wanted to insert names such as 1.ramu's 2.shyam's when i try to insert using insert as it is throwing an error

quoted string not properly terminated 

insert into  xyz values('ramu's');

what database? pl/sql is not mysql. Please only use relevant tags. If you want an embedded quote then you need to escape it with two quotes '' — OldProgrammer, Aug 28 '17 at 16:10
use paramaterized queries or the appropriate escape characters. (doubling up ' so it's `insert into xyz values('ramu''s');` should work in this case.) But lets say a user passed in `';drop table xyz;--'` instead of `ramu's` what would happen? https://xkcd.com/327/ — xQbert, Aug 28 '17 at 16:14
This quoting issue is the same in all flavors of SQL, so the solution works in MySQL, PL/SQL, Redshift, etc. — Bill Karwin, Aug 28 '17 at 16:17

score 2 · Answer 1 · edited Aug 28 '17 at 16:16

2

The following will be helpful

INSERT INTO Xyz VALUES('Ram''s')

For one single quote, place two single quotes.

edited Aug 28 '17 at 16:16

Bill Karwin

538,548
86
673
828

answered Aug 28 '17 at 16:15

Shyam Vemula

591
2
14

Inserting a string 'india's' into a sql database

1 Answers1