HtmlEncode and apostrophes

[musosdev]

Hi

I'm trying to code up an admin system for my website. A couple of the
welcome text paragraphs are stored in an SQL database, so that we can update
them should we need to. However, even though I'm using the HTMLEncode method
(I've also tried the URLEncode method), the apostrophe always remains, and
then when I try and do the update query, I get...

Unclosed quotation mark after the character string

The SQL is UPDATE StaticPages SET Text = 'blah' WHERE PageID = 'ABOUT'

The code only breaks when the Text variable contains an apostrophe. But, I'm
using an encoding method? Why is the apostrophe not being encoded?

Thanks,


Dan

 

[David Wier]

the sql never hits the page, and is not shown - - it's not an HTML/urlEncode
situation - -
you'd need to double the single quotes to get SQL to recognize it, since the
update statement is a string - -
But first - I'd suggest not doing it with concatenation this way - used
parameterized queries:
http://www.aspnet101.com/aspnet101/tutorials.aspx?id=1 (2 part tutorial)


David Wier
http://aspnet101.com
http://iWritePro.com - One click PDF, convert .doc/.rtf/.txt to HTML with no
bloated markup

 

[musosdev]

Thanks David - Parameterised queries worked first time! A good one to remember!