single quote in data

  • Thread starter Thread starter barry
  • Start date Start date
B

barry

Hi

when inserting data into a Sql Database table if i have a value like

"Uncle's Kitchen"

It throws a error, someone had suggested i use Parameter, i tried to use
SqlParameter it still gives errors.

I remember getting a similar error when inserting using Dataset.

How do i insert such data (without replacing ' with something else)


TIA
Barry
 
barry said:
when inserting data into a Sql Database table if i have a value like

"Uncle's Kitchen"

It throws a error, someone had suggested i use Parameter, i tried to use
SqlParameter it still gives errors.

I remember getting a similar error when inserting using Dataset.

How do i insert such data (without replacing ' with something else)

Using a parameterised update/insert *will* work, and is indeed how you
should do it.

Could you post a short but complete program which demonstrates the
problem (while using parameters)?

See http://www.pobox.com/~skeet/csharp/complete.html for details of
what I mean by that.
 
thanks for your answer.

There was some misunderstanding, SqlParameter does work with singlequotes in
data, i was contructing string like this

"Select * from xxx Where CompanyName='" +sCompanyName+"'"

unfortunately sCompanyName had a singlequote in the data and i was not using
SqlParameter since it is Select statement, generally use it for Update and
Insert statements, i suppose it is better to use SqlParameter as often as
possible.
 
barry said:
thanks for your answer.

There was some misunderstanding, SqlParameter does work with singlequotes in
data, i was contructing string like this

"Select * from xxx Where CompanyName='" +sCompanyName+"'"

unfortunately sCompanyName had a singlequote in the data and i was not using
SqlParameter since it is Select statement, generally use it for Update and
Insert statements, i suppose it is better to use SqlParameter as often as
possible.

Absolutely. *Never* put user-provided data directly in SQL statements
unless you're writing a SQL editor :)
 
Back
Top