locked
Dynamic sql unclosed quote error RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I'm having trouble with a dynamic sql query that contains a parameter that includes an apostrophe.  I have an application that replaces all single quotes with double quotes.   I receive an unclosed quote error when the stored procedure is executed. Here is a sample of the text that is causing the error.

    Application textbox value = 'I can't go home'

    After the replace logic is applied = 'I can''t go home'

    This value is passed to the @comments parameter of the stored procedure.

    Stored procedure
    delcare @d_sql varchar(max)
    declare @comments varchar(max)
    set @d_sql = @d_sql + insert into #tblComments select ''' + @comments + ''' '  --line causing error



    • Edited by James_P Wednesday, February 6, 2013 4:13 PM
    Wednesday, February 6, 2013 4:12 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi James,

    Try like this replace all single quotes with 2 single  quotes instead of double quotes.

    Try this link for different methods of handling quotes - http://social.msdn.microsoft.com/Forums/en/transactsql/thread/bbc61519-5136-4364-80fa-eff80efb3747

    --CREATE  TABLE ##tblComments(comments varchar(max)) 
DECLARE @d_sql varchar(max),
        @comments varchar(max)= 'I can ''''t go home'
SET @d_sql = 'insert into ##tblComments select ('''+@comments +''')'
EXEC(@d_sql)
PRINT @d_sql
SELECT * FROM  ##tblComments

    Thanks & Regards, sathya



    Wednesday, February 6, 2013 4:15 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    It's not clear why you use dynamic SQL in your stored procedure, I have a strong feeling that there is no need to at all. But in any case, you should not double any strings in the client code, but pass the input as is. Next in the stored procedure code would go:

    SELECT @sql = N'INSERT #tblCommands SELECT @comments'
EXEC sp_executesql @sql, N'@comments varchar(MAX)', @comment

    If you have never seen sp_executesql, you need to learn to master it, if you intend to use dynamic SQL. I have an article on my web site that discusses dynamic SQL in detail:

    http://www.sommarskog.se/dynamic_sql.html

    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

    • Proposed as answer by Naomi N Thursday, February 7, 2013 3:31 AM
    • Marked as answer by Iric Wen Monday, February 18, 2013 6:17 AM
    Wednesday, February 6, 2013 11:01 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi James,

    Try like this replace all single quotes with 2 single  quotes instead of double quotes.

    Try this link for different methods of handling quotes - http://social.msdn.microsoft.com/Forums/en/transactsql/thread/bbc61519-5136-4364-80fa-eff80efb3747

    --CREATE  TABLE ##tblComments(comments varchar(max)) 
DECLARE @d_sql varchar(max),
        @comments varchar(max)= 'I can ''''t go home'
SET @d_sql = 'insert into ##tblComments select ('''+@comments +''')'
EXEC(@d_sql)
PRINT @d_sql
SELECT * FROM  ##tblComments

    Thanks & Regards, sathya



    Wednesday, February 6, 2013 4:15 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    am not quite sure what you are trying to do with @d_sql afterwards.. 

    declare @d_sql varchar(max)
declare @comments varchar(max)
set @d_sql = '' -- set initial value since @d_sql is currently null
set @comments = 'i can''t go home'
--have you overlooked to add a ' before insert?
set @d_sql = @d_sql + 'insert into #tblComments select ''' + @comments + ''' '  --line causing error
select @d_sql

    Philippine SQL Server Users Group : www.phissug.org

    Wednesday, February 6, 2013 4:31 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    It's not clear why you use dynamic SQL in your stored procedure, I have a strong feeling that there is no need to at all. But in any case, you should not double any strings in the client code, but pass the input as is. Next in the stored procedure code would go:

    SELECT @sql = N'INSERT #tblCommands SELECT @comments'
EXEC sp_executesql @sql, N'@comments varchar(MAX)', @comment

    If you have never seen sp_executesql, you need to learn to master it, if you intend to use dynamic SQL. I have an article on my web site that discusses dynamic SQL in detail:

    http://www.sommarskog.se/dynamic_sql.html

    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

    • Proposed as answer by Naomi N Thursday, February 7, 2013 3:31 AM
    • Marked as answer by Iric Wen Monday, February 18, 2013 6:17 AM
    Wednesday, February 6, 2013 11:01 PM