SyntaxFix

[sql] How do I search for names with apostrophe in SQL Server? 

SELECT *
  FROM Header
 WHERE (userID LIKE [%'%])

This question is related to sql sql-server apostrophe

The answer is

SELECT *   FROM Header  WHERE userID LIKE '%' + CHAR(39) + '%' 

SELECT * FROM TableName WHERE CHARINDEX('''',ColumnName) > 0

When you have column with large amount of nvarchar data and millions of records, general 'LIKE' kind of search using percentage symbol will degrade the performance of the SQL operation.

While CHARINDEX inbuilt TSQL function is much more faster and there won't be any performance loss.

Reference SO post for comparative view. 

select * from Header where userID like '%''%'

Hope this helps.

That's:

SELECT * FROM Header 
WHERE (userID LIKE '%''%')

First of all my Search query value is from a user's input. I have tried all the answers on this one and all the results Google have given me, 90% of the answers says put '%''%' and the other 10% says a more complicated answers.

For some reason all of those did not work for me.

How ever I remembered that in MySQL (phpmyadmin) there is this built in search function so I tried it just to see how MySQL handles a search with an apostrophe, turns out MySQL just escaping apostrophe with a backslash LIKE '%\'%' so why just I replace apostrophe with a \' in every user's query.

This is what I come up with:

if(!empty($user_search)) {
        $r_user_search = str_ireplace("'","\'","$user_search");
        $find_it = "SELECT * FROM table WHERE column LIKE '%$r_user_search%'";
        $results = $pdo->prepare($find_it);
        $results->execute();

This solves my problem. Also please correct me if this is still has security issues.

Brackets are used around identifiers, so your code will look for the field %'% in the Header table. You want to use a string insteaed. To put an apostrophe in a string literal you use double apostrophes.

SELECT *
FROM Header WHERE userID LIKE '%''%'

SELECT     *
FROM Header WHERE (userID LIKE '%''%')

Compare Names containing apostrophe in DB through Java code 

String sql="select lastname  from employee where FirstName like '%"+firstName.trim().toLowerCase().replaceAll("'", "''")+"%'"

statement = conn.createStatement();
        rs=statement.executeQuery(Sql);

iterate the results.

Source: Stackoverflow.com

Examples related to sql

Passing multiple values for same variable in stored procedure SQL permissions for roles Generic XSLT Search and Replace template Access And/Or exclusions Pyspark: Filter dataframe based on multiple conditions Subtracting 1 day from a timestamp date PYODBC--Data source name not found and no default driver specified select rows in sql with latest date for each ID repeated multiple times ALTER TABLE DROP COLUMN failed because one or more objects access this column Create Local SQL Server database

Examples related to sql-server

Passing multiple values for same variable in stored procedure SQL permissions for roles Count the Number of Tables in a SQL Server Database Visual Studio 2017 does not have Business Intelligence Integration Services/Projects ALTER TABLE DROP COLUMN failed because one or more objects access this column Create Local SQL Server database How to create temp table using Create statement in SQL Server? SQL Query Where Date = Today Minus 7 Days How do I pass a list as a parameter in a stored procedure? SQL Server date format yyyymmdd

Examples related to apostrophe

What is ' and why does Google search replace it with apostrophe? HTML Best Practices: Should I use ’ or the special keyboard shortcut? How do I search for names with apostrophe in SQL Server?

Tags

Objectfactory Subfigure Pdf-generation Portrait Glr Numberformatexception Adblock Registerclientscriptblock Eclipse-3.2 Wtai Msgbox Test-environments Visual-studio-2008-sp1 Google-widget P4merge Undeclared-identifier Xp-mode Suhosin Gcc-warning Protein-database Prepared-statement Cpu-time Lynx Broadband Compound-assignment Html-table Readdir Timefield Lasso-regression Web-operating-system Preon Pytz Coderef Simplex Recycle-bin Date-arithmetic Github Nurbs Ms-access-2003 Gtktextview Scanf Custom-font Microsoft-contracts Clojurebox Grails-plugin Itunes-store Css-reset Density-independent-pixel Signtool Jgss Gconf Bank Backticks Language-recognition Epad Jointable Runtimeexception Tinybutstrong Tasklist Maven Dimension-reduction Php-mode Subshell Dynamic-ip Jquery-ui-css-framework Onreadystatechange Phishing Jsdt .a Getch Mysql-error-1040 Surface-toolkit Drop-table Instances Actas Spy++ Logcat Bluecloth Away3d Acts-as-taggable Subsonic-v3p2 Moveabletype Cox-regression Evb Strcpy Surefire Unfuddle Htmlspecialchars Click-counting Controller Sshd Wysiwyg Disk Readline Projector User-mode-linux Crc Drawtext Treegrid Outline-view