Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / New Users / March 2008

Tip: Looking for answers? Try searching our database.

single quote in data

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
barry - 27 Mar 2008 15:31 GMT
Hi

when inserting data into a Sql Database table if i have a value like

"Uncle's Kitchen"

It throws a error, someone had suggested i use Parameter, i tried to use
SqlParameter it still gives errors.

I remember getting a similar error when inserting using Dataset.

How do i insert such data (without replacing ' with something else)

TIA
Barry
Reply to this Message
Jon Skeet [C# MVP] - 27 Mar 2008 15:39 GMT
> when inserting data into a Sql Database table if i have a value like
>
[quoted text clipped - 6 lines]
>
> How do i insert such data (without replacing ' with something else)

Using a parameterised update/insert *will* work, and is indeed how you
should do it.

Could you post a short but complete program which demonstrates the
problem (while using parameters)?

See http://www.pobox.com/~skeet/csharp/complete.html for details of
what I mean by that.

Signature

Jon Skeet - <skeet@pobox.com>
http://www.pobox.com/~skeet   Blog: http://www.msmvps.com/jon.skeet
World class .NET training in the UK: http://iterativetraining.co.uk

Reply to this Message
barry - 28 Mar 2008 08:15 GMT
thanks for your answer.

There was some misunderstanding, SqlParameter does work with singlequotes in
data, i was contructing string like this

"Select * from xxx Where CompanyName='" +sCompanyName+"'"

unfortunately sCompanyName had a singlequote in the data and i was not using
SqlParameter since it is Select statement, generally use it for Update and
Insert statements, i suppose it is better to use SqlParameter as often as
possible.

>> when inserting data into a Sql Database table if i have a value like
>>
[quoted text clipped - 15 lines]
> See http://www.pobox.com/~skeet/csharp/complete.html for details of
> what I mean by that.
Reply to this Message
Jon Skeet [C# MVP] - 28 Mar 2008 09:23 GMT
> thanks for your answer.
>
[quoted text clipped - 7 lines]
> Insert statements, i suppose it is better to use SqlParameter as often as
> possible.

Absolutely. *Never* put user-provided data directly in SQL statements
unless you're writing a SQL editor :)

Signature

Jon Skeet - <skeet@pobox.com>
http://www.pobox.com/~skeet   Blog: http://www.msmvps.com/jon.skeet
World class .NET training in the UK: http://iterativetraining.co.uk

Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.