Escaping Single Quotes in SQL Server Queries: Best Practices and Techniques

SQL Server Query with Single Quote (')

When working with databases, especially in environments like SQL Server, it’s common to encounter the single quote character as part of a string value. However, in most programming languages, including SQL, the single quote is used to denote string literals. This can lead to confusion and errors when trying to retrieve data that includes the same character.

Understanding String Literals in SQL

In SQL Server, a string literal is enclosed within single quotes, and any single quote inside the string is escaped by writing it twice. For example:

SELECT * FROM table WHERE column LIKE '%single%''quote%'

In this example, the single quote characters within the string are treated as part of the string value.

The Problem with Single Quotes in SQL Queries

When a query is written using single quotes for string literals, it can lead to syntax errors if not used correctly. For instance:

SELECT * FROM table WHERE column = 'hello'world'

In this example, the string 'hello'world would be interpreted as two separate values: hello' and world. This is because SQL Server expects single quotes to enclose string literals.

Escaping Single Quotes in SQL Queries

To avoid these issues, you can use one of the following methods:

Method 1: Using Double Quotes

In SQL Server, when QUOTED_IDENTIFIER is set to ON (the default), double quotes (") are used to delimit string literals. This means that single quotes within a string value do not need to be escaped.

SET QUOTED_IDENTIFIER ON;

SELECT * FROM table WHERE column LIKE "%'single%''quote%'"

However, when QUOTED_IDENTIFIER is set to OFF (which can be useful in some situations), you must escape single quotes using either double quotes or the double-dash (--) method.

Method 2: Using Single-Dash Escaping

When QUOTED_IDENTIFIER is set to OFF, you can use the following syntax to escape single quotes:

SET QUOTED_IDENTIFIER OFF;

SELECT * FROM table WHERE column LIKE '%-'single'-''quote'-%'

In this example, the single-dash (-) followed by a quote marks the end of each word.

Method 3: Using Two Single Quotes

Another way to escape single quotes is by using two single quotes together:

SELECT * FROM table WHERE column LIKE '%''%'

This method treats the first single quote as an opening quote and the second one as a closing quote.
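
The doubling rule from Method 3, which applies whatever QUOTED_IDENTIFIER is set to, worked through as an added example (not code from the original page); the temp table #customers, its columns and the sample names are constructed for illustration. The final statements go one step beyond the text: a run-time value passed as a parameter through sp_executesql needs no escaping at all, and REPLACE or QUOTENAME double the quotes when a literal has to be generated as text.

```sql
-- Constructed sample data: names that contain a single quote.
CREATE TABLE #customers (
    id        int          PRIMARY KEY,
    last_name nvarchar(50) NOT NULL
);

-- Inside a literal each embedded quote is written twice;
-- the value stored in the table contains it once.
INSERT INTO #customers (id, last_name)
VALUES (1, N'O''Brien'),
       (2, N'D''Angelo'),
       (3, N'Smith');

-- Method 3 pattern: matches every last_name that contains a single quote.
SELECT id, last_name
FROM   #customers
WHERE  last_name LIKE N'%''%';

-- Exact match on a value with an embedded quote.
SELECT id, last_name
FROM   #customers
WHERE  last_name = N'O''Brien';

-- Run-time value: the doubling below is only literal syntax for the assignment.
DECLARE @name nvarchar(50) = N'O''Brien';

-- Passed as a parameter, the value never becomes part of the SQL text,
-- so its quote cannot end the literal and needs no escaping.
EXEC sys.sp_executesql
     N'SELECT id, last_name FROM #customers WHERE last_name = @p;',
     N'@p nvarchar(50)',
     @p = @name;

-- When the literal itself must be produced as text (for example to log or
-- script a statement), double the quotes with REPLACE and add the delimiters.
-- QUOTENAME does the same for inputs up to 128 characters and returns NULL
-- for longer ones.
SELECT N'''' + REPLACE(@name, N'''', N'''''') + N'''' AS literal_via_replace,
       QUOTENAME(@name, N'''')                        AS literal_via_quotename;

DROP TABLE #customers;
```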

Best Practices for Working with Strings in SQL Server

When working with strings in SQL Server, it’s essential to be mindful of how quotes are used. Here are some best practices:

  • Always check the QUOTED_IDENTIFIER setting in your environment.
  • Use double quotes (") when QUOTED_IDENTIFIER is ON and you’re dealing with string literals.
  • Use single-dash escaping or two single quotes together when QUOTED_IDENTIFIER is OFF.

Avoiding Syntax Errors

To avoid syntax errors when working with SQL Server queries, remember that:

  • A single quote within a string literal must be escaped using either double quotes, the double-dash method, or two single quotes together.
  • The backtick (\) character can also be used to escape single quotes in certain contexts.

Conclusion

SQL Server’s handling of string literals and single quotes can be confusing if not understood correctly. By knowing how to properly quote strings using QUOTED_IDENTIFIER settings and escaping techniques, you’ll avoid common syntax errors and become more efficient when working with SQL Server queries.

Additional Tips:

  • Always review your query carefully after writing it to ensure that all string literals are correctly quoted.
  • Test your queries thoroughly before running them in production environments.
  • Familiarize yourself with the different escaping methods available in SQL Server.

Last modified on 2023-07-17