In response to Andre Lopes <lopes80andre@gmail.com>:
> Hi,
>
> I need to escape quotes on an insert into that have a quote like this:
>
> http://host.com/cond'nast
>
> How can I escape " ' " on an insert into?
It depends:
The best way is to pass the string as a parametrized query, then you don't
have to escape anything.
The second best way is to use the string escape function for whatever
language your programming in.
If you don't have either of those available, you should reconsider your
choice of language/client library, as writing your own escape functions is
bad news.
If you're forced to write the raw SQL statements for some reason, you
escape ' with a second ', so:
INSERT INTO tablename (colname) VALUES ('http://host.com/cond''nast');
--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/