S
Stefan Richter
How do I encode double quotes and quotes and in a string in VB.NET?
It also has to be save for MS SQL Server...
Stefan
It also has to be save for MS SQL Server...
Stefan
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
D
Dan Brussee
If you use stored procedures, you dont need a lot of the quote and
other escaping you need to do otherwise. That being said, the only
"quote" issue you have (no pun intended) is with single quotes. In
this case, double the single quotes. A common way of doing this is
with the Replace method ...
sql = replace(str, "'", "''")
That's a single quote surrounded by double quotes as the 2nd parameter
and two single quotes surrounded by double quotes as the 3rd
parameter.
other escaping you need to do otherwise. That being said, the only
"quote" issue you have (no pun intended) is with single quotes. In
this case, double the single quotes. A common way of doing this is
with the Replace method ...
sql = replace(str, "'", "''")
That's a single quote surrounded by double quotes as the 2nd parameter
and two single quotes surrounded by double quotes as the 3rd
parameter.
S
Stefan Richter
thx, works!
J
Jon Skeet [C# MVP]
Stefan Richter said:How do I encode double quotes and quotes and in a string in VB.NET?
It also has to be save for MS SQL Server...
I would recommend avoiding escaping entirely when it comes to SQL
statements - use parameters instead, and you don't need to worry about
formatting or escaping.
You don't have to be using stored procedures to use parameters.
See http://www.pobox.com/~skeet/csharp/faq/#db.parameters for more
information.
M
Mattias Sjögren
Stefan,
You include double quotes in a string by doubling them, like this
"a ""quoted"" word"
Mattias
How do I encode double quotes and quotes and in a string in VB.NET?
You include double quotes in a string by doubling them, like this
"a ""quoted"" word"
Mattias