最好放到变量里~~如果是C#
SqlCommand cmd = new SqlCommand("UPDATE aa set a=@a", new SqlConnection(""));
SqlParameter param = new SqlParameter("@a", SqlDbType.VarChar);
param.Value=edit1.text;
cmd.Parameters.Add(param);
cmd.ExecuteNonQuery();
UPDATE aa set a='''+edit1.text+'''
-------------------------------------
declare @value varchar(2000)
select @value = edit1.text
select @value=replace(@value,'''','''''')
if @value is null select @value=''
UPDATE aa set a='''+@value+'''