
How to Sanitize Input for SQL

    • 1). Click the Windows "Start" button and select "All Programs." Click the "SQL Server" program group icon, then click "SQL Server Management Studio."

    • 2). Log in to your database server and click the database name to expand a list of options. Click "Programmability" to open a list of stored procedures. Right-click the stored procedure used in your Web app and select "Modify."

    • 3). Locate the stored procedure variable that inputs information into the database. This is the variable you must edit when you sanitize the SQL code.

    • 4). Add the SQL "Replace" function to double every single quote in the input. A doubled single quote is treated as a literal quote character inside a SQL string, so a quote sent from the website cannot start or terminate a string. The following code shows how to use the SQL Replace function:

      -- '''' is one single quote; '''''' is two single quotes
      SET @sanitized_value = REPLACE(@input, '''', '''''');

      The code above changes every single quote in @input into two single quotes (an escaped quote), and stores the result in @sanitized_value.

    • 5). Press the "F5" key to run the code and save the changes to the stored procedure.
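The following T-SQL is an added example, not code from the original article: it shows the Replace approach from step 4 inside a stored procedure that builds dynamic SQL, next to the form a practitioner should prefer, where the value is passed as a parameter through sp_executesql and never spliced into the statement text. The table dbo.Customers and its columns are assumed placeholder names.

```sql
-- Constructed example; dbo.Customers and its columns are placeholders.

-- Escaped form (the article's technique): the value is concatenated into the
-- statement, so it is safe only if REPLACE is applied to every such value.
CREATE PROCEDURE dbo.FindCustomer_Escaped
    @input NVARCHAR(100)
AS
BEGIN
    DECLARE @sanitized_value NVARCHAR(200);
    DECLARE @sql NVARCHAR(MAX);

    -- '''' is one single quote; '''''' is two single quotes
    SET @sanitized_value = REPLACE(@input, '''', '''''');

    SET @sql = N'SELECT CustomerId, CustomerName FROM dbo.Customers '
             + N'WHERE CustomerName = ''' + @sanitized_value + N''';';
    EXEC (@sql);
END;
GO

-- Parameterized form: the value travels as a parameter of sp_executesql,
-- never as part of the SQL text, so no quote handling is needed at all.
CREATE PROCEDURE dbo.FindCustomer_Parameterized
    @input NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX);
    SET @sql = N'SELECT CustomerId, CustomerName FROM dbo.Customers '
             + N'WHERE CustomerName = @name;';

    EXEC sys.sp_executesql @sql, N'@name NVARCHAR(100)', @name = @input;
END;
GO

-- A name containing a quote is looked up correctly by both procedures;
-- in neither case does the quote end the string literal early.
EXEC dbo.FindCustomer_Escaped      @input = N'O''Brien';
EXEC dbo.FindCustomer_Parameterized @input = N'O''Brien';
```

Run the batch in SQL Server Management Studio against a test database; the parameterized procedure also lets SQL Server reuse the query plan, which the concatenated version does not.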
