Single quote problem in SQL Server

This problem appears when you build the query string by concatenation, like this:

string sqlstr = "insert into UserMember (Id, Name) values(1, '" + txtName.Text + "')";

If txtName.Text has a value like one of these:
1. testname'
2. 'testname
3. testn'ame
etc.

you will get error messages such as:
– Unclosed quotation mark before the character string ')
– Incorrect syntax near 'testname'

Changing txtName.Text to txtName.Text.Replace("'", "''") solves this problem. Inside a string literal, two single quotes in a row are read as one literal quote character, so the value no longer breaks the query string and no error occurs.

You won't run into this problem when using a stored procedure, because a parameter passed to a stored procedure does not need to be wrapped in single quotes, for example:

set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [mobile].[GetCampaign] @v_campaignId int=null
AS
BEGIN
SET NOCOUNT ON;

select *
from Campaign
where CampaignId = @v_campaignId -- correct: no single quotes; '@v_campaignId' would be a string literal, not the parameter
END
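
Added example (not from the original post): the INSERT from the top of the page written as a parameterized SqlCommand, so the three quoted names listed above are sent as data and are never parsed as SQL, with no Replace call needed. It assumes System.Data.SqlClient, an NVARCHAR(100) Name column, and a hypothetical DEMO_SQL_CONNECTION environment variable; when that variable is not set it only prints the command text and parameter values.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserMemberDemo
{
    // The SQL text is constant; the values travel separately as parameters,
    // so a quote inside 'name' can never terminate a string literal.
    public static SqlCommand BuildInsert(SqlConnection conn, int id, string name)
    {
        var cmd = new SqlCommand(
            "INSERT INTO UserMember (Id, Name) VALUES (@Id, @Name)", conn);
        cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
        // Assumption: Name is NVARCHAR(100); match the real column definition.
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: the three quote positions listed in the post.
        string[] names = { "testname'", "'testname", "testn'ame" };
        // Hypothetical variable name; supply a real connection string to execute.
        string cs = Environment.GetEnvironmentVariable("DEMO_SQL_CONNECTION");

        if (string.IsNullOrEmpty(cs))
        {
            // Offline: show that the command text stays the same for every input.
            for (int i = 0; i < names.Length; i++)
                using (SqlCommand cmd = BuildInsert(null, i + 1, names[i]))
                    Console.WriteLine("{0}  [@Id={1}, @Name={2}]", cmd.CommandText,
                        cmd.Parameters["@Id"].Value, cmd.Parameters["@Name"].Value);
            return;
        }

        using (var conn = new SqlConnection(cs))
        {
            conn.Open();
            for (int i = 0; i < names.Length; i++)
                using (SqlCommand cmd = BuildInsert(conn, i + 1, names[i]))
                    Console.WriteLine("rows inserted: " + cmd.ExecuteNonQuery());
        }
    }
}
```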