I am trying to insert a JSON value into a table, but my JSON contains ' as well, hence my query is not well formatted and I get the error:

Unclosed quotation mark after the character string

My SQL query text in C# is as follows:

string query = " INSERT INTO [DGS].[DPN].CONSOLESESSIONTRACKING ([UCID], [SessionID], [MUCustomization]) VALUES(" + "'" + ucid + "'," + "'" + consoleSessionTracking.SessionId + "'" + consoleSessionTracking.cust + "'" + ") ";

How can I store a JSON value containing ' in SQL? Is there any workaround?

Huma Ali
  • please, USE PARAMETERS – apomene May 04 '18 at 10:28
  • Huma, please see the duplicate for how to fix your problem. – ProgrammingLlama May 04 '18 at 10:33
  • See https://stackoverflow.com/questions/1586560/how-do-i-escape-a-single-quote-in-sql-server – AndreasHassing May 04 '18 at 10:35
  • @Andreas That isn't really the correct way of doing it. – ProgrammingLlama May 04 '18 at 10:35
  • @AndreasBjørnHassingNielsen this is a very, very, very bad idea. Google for `Bobby Tables`. Besides, quote what? Double quotes, single quotes or single quotes inside double quotes? All combinations are valid in JSON – Panagiotis Kanavos May 04 '18 at 10:36
  • @john, and panagiotis-kanavos: Indeed, I misinterpreted the question :-). – AndreasHassing May 04 '18 at 10:37
  • You can use SqlCommand and SqlParameter for preventing errors that you have experienced as well as preventing SQL injection problems. Please refer to http://www.kodyaz.com/sql-server-tools/prevent-sql-injection-using-parameterized-query.aspx for a sample case showing how you can build a SQL command using SqlParameter and SqlCommand objects – Eralper May 04 '18 at 10:42
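
The parameterized form the comments recommend, as an added example that is not code from the question or its commenters. The class and method names, the connection string, and the column types and sizes are assumptions; the table and column names are the ones in the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // Microsoft.Data.SqlClient exposes the same types

static class ConsoleSessionTrackingStore // hypothetical helper class
{
    // Constant SQL text: no value is ever concatenated into it.
    const string InsertSql =
        "INSERT INTO [DGS].[DPN].CONSOLESESSIONTRACKING " +
        "([UCID], [SessionID], [MUCustomization]) " +
        "VALUES (@ucid, @sessionId, @customization)";

    // Builds the command; values travel as typed parameters, not as SQL text.
    // Assumption: all three columns are NVARCHAR; adjust types to the real schema.
    public static SqlCommand BuildInsert(string ucid, string sessionId, string json)
    {
        var cmd = new SqlCommand(InsertSql);
        cmd.Parameters.Add("@ucid", SqlDbType.NVarChar, 64).Value = ucid;
        cmd.Parameters.Add("@sessionId", SqlDbType.NVarChar, 64).Value = sessionId;
        // Size -1 means NVARCHAR(MAX); a null string is stored as SQL NULL.
        cmd.Parameters.Add("@customization", SqlDbType.NVarChar, -1).Value =
            (object)json ?? DBNull.Value;
        return cmd;
    }

    // Executes the insert and returns the number of rows affected.
    public static int Save(string connectionString, string ucid, string sessionId, string json)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildInsert(ucid, sessionId, json))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed sample: JSON holding single quotes and SQL-looking text.
        string json = "{\"title\":\"Huma's layout\",\"note\":\"it's 5' wide'); --\"}";
        using (var cmd = BuildInsert("UCID-0001", "SESSION-0001", json))
        {
            // The statement text is unchanged; the JSON sits intact in the parameter.
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine(cmd.Parameters["@customization"].Value);
        }
    }
}
```

`Main` only builds the command, so it runs without a database; `Save` needs a reachable SQL Server and a real connection string.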
