declare @inject nvarchar(4000) = NCHAR(0x02bc) + N'; select 1/0; select ' + nchar(0x02bc); declare @safe nvarchar(4000) = REPLACE(@inject, N'''', N''''''); declare @sql varchar(4000) = N'SELECT ''' + @safe + N''''; print @inject; print @safe; print @sql; Read More...