Full text search:SQL Server ignores single quote? - SQL Server Forums

Home | Weblogs | Forums

Site Sponsored By: SQLDSC - SQL Server Desired State Configuration

Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

All Forums

SQL Server 2005 Forums

.NET Inside SQL Server (2005)

Full text search:SQL Server ignores single quote?

Author

Topic

aurose
Starting Member

1 Post

Posted - 2009-09-08 : 05:09:21

Hi Guys,

I found a weried problem that when I doing full-text search in SQL Server(SQL Server 2008 Express Edition) using C#(LINQ) and if I passed in a search creteria with a single quote, it can't get any result back.But if I tried to execute the same SQL statement in SQL Server Managent Studio, it returns result...It's so absurd..

I replaced single quote in search creteria with two single quotes. replaced double quote with two double quotes.

SQL:

SELECT *
FROM myTable
WHERE (CONTAINS(myTable.*, '"xx''xx"')

Work arround:

I tried to set stoplist to off, but the result WAS the same( no results).

I tried to execute the same application in another two PCs (PC-B,PC-C, SQL Server 2008 Developer, and SQL 2005 Express), the application works pretty good.

Can any one tell me the reason.

Kindest regard,
Rosy

sql-programmers
Posting Yak Master

190 Posts

Posted - 2009-11-23 : 10:34:08

If you pass the parameter directly to the query it may result in error when the parameter contains single quotes and it will be one of the security issues (the single quote is a special character in SQL server). So it would be better if you use stored procedures.

SQL Server Programmers and Consultants
http://www.sql-programmers.com/

wayne.zjw
Starting Member

10 Posts

Posted - 2009-12-23 : 16:06:49

that's really a problem
i met that too

quote:
Originally posted by aurose

Hi Guys,

I found a weried problem that when I doing full-text search in SQL Server(SQL Server 2008 Express Edition) using C#(LINQ) and if I passed in a search creteria with a single quote, it can't get any result back.But if I tried to execute the same SQL statement in SQL Server Managent Studio, it returns result...It's so absurd..

I replaced single quote in search creteria with two single quotes. replaced double quote with two double quotes.

SQL:

SELECT *
FROM myTable
WHERE (CONTAINS(myTable.*, '"xx''xx"')

Work arround:

I tried to set stoplist to off, but the result WAS the same( no results).

I tried to execute the same application in another two PCs (PC-B,PC-C, SQL Server 2008 Developer, and SQL 2005 Express), the application works pretty good.

Can any one tell me the reason.

Kindest regard,
Rosy

RAQ Report - the best free java reporting tool ever

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources