Apostrophe in SQL Syntax

Discussion in 'ASP .Net' started by Brian, Mar 7, 2005.

  1. Thanks for your time.

    I've built an asp.net/vb.net CMS(Content Management System) application. I
    have several different UI's that provide the user the ability to maintain
    site content that is stored in a MySQL db. Currently I'm using ado.net to
    connect to the MySQL db.

    I'm having difficulty with apostrophes in the sql syntax that updates, and
    adds new records. (example:Joe's Garage causes an error).

    I've tried replace(mystring, "'","''") - double quotes, replace(mystring,
    "'","/'") - MySQL escape chars. No luck. I was going to give parameters a
    try. Will this solve the problem? Does ADO support parameters - or are they
    strictly an OleDB type thing? The site is hosted, so I don't think that I
    can use DSNs, or install anything.
     
    Brian, Mar 7, 2005
    #1

  2. Damon Payne Guest

    Using parameters will fix the issue.

    --
    ------------------------------------------
    Damon Payne
    http://www.damonpayne.com
    "Brian" <> wrote in message
    news:...
    > Thanks for your time.
    >
    > I've built an asp.net/vb.net CMS(Content Management System) application. I
    > have several different UI's that provide the user the ability to maintain
    > site content that is stored in a MySQL db. Currently I'm using ado.net to
    > connect to the MySQL db.
    >
    > I'm having difficulty with apostrophes in the sql syntax that updates, and
    > adds new records. (example:Joe's Garage causes an error).
    >
    > I've tried replace(mystring, "'","''") - double quotes, replace(mystring,
    > "'","/'") - MySQL escape chars. No luck. I was going to give parameters a
    > try. Will this solve the problem? Does ADO support parameters - or are they
    > strictly an OleDB type thing? The site is hosted, so I don't think that I
    > can use DSNs, or install anything.
     
    Damon Payne, Mar 7, 2005
    #2

  3. You should use ADO.NET parameter objects. They will solve your problem and
    they will also protect you from SQL Injection Attacks, which it sounds like
    your code is probably vulnerable to at this time.

    Here's more info:
    http://msdn.microsoft.com/library/d...systemdatasqlclientsqlparameterclasstopic.asp

    http://msdn.microsoft.com/library/d...ngparameterizedstoredprocedurevisualbasic.asp

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://SteveOrr.net


    "Brian" <> wrote in message
    news:...
    > Thanks for your time.
    >
    > I've built an asp.net/vb.net CMS(Content Management System) application. I
    > have several different UI's that provide the user the ability to maintain
    > site content that is stored in a MySQL db. Currently I'm using ado.net to
    > connect to the MySQL db.
    >
    > I'm having difficulty with apostrophes in the sql syntax that updates, and
    > adds new records. (example:Joe's Garage causes an error).
    >
    > I've tried replace(mystring, "'","''") - double quotes, replace(mystring,
    > "'","/'") - MySQL escape chars. No luck. I was going to give parameters a
    > try. Will this solve the problem? Does ADO support parameters - or are they
    > strictly an OleDB type thing? The site is hosted, so I don't think that I
    > can use DSNs, or install anything.
     
    Steve C. Orr [MVP, MCSD], Mar 7, 2005
    #3
  4. Thanks for your posts - on Sunday night no less. :)

    I'll move forward with the parameter method. Can anyone explain why the
    replace method failed?

    "Steve C. Orr [MVP, MCSD]" wrote:

    > You should use ADO.NET parameter objects. They will solve your problem and
    > they will also protect you from SQL Injection Attacks, which it sounds like
    > your code is probably vulnerable to at this time.
    >
    > Here's more info:
    > http://msdn.microsoft.com/library/d...systemdatasqlclientsqlparameterclasstopic.asp
    >
    > http://msdn.microsoft.com/library/d...ngparameterizedstoredprocedurevisualbasic.asp
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://SteveOrr.net
    >
    >
    > "Brian" <> wrote in message
    > news:...
    > > Thanks for your time.
    > >
    > > I've built an asp.net/vb.net CMS(Content Management System) application. I
    > > have several different UI's that provide the user the ability to maintain
    > > site content that is stored in a MySQL db. Currently I'm using ado.net to
    > > connect to the MySQL db.
    > >
    > > I'm having difficulty with apostrophes in the sql syntax that updates, and
    > > adds new records. (example:Joe's Garage causes an error).
    > >
    > > I've tried replace(mystring, "'","''") - double quotes, replace(mystring,
    > > "'","/'") - MySQL escape chars. No luck. I was going to give parameters a
    > > try. Will this solve the problem? Does ADO support parameters - or are they
    > > strictly an OleDB type thing? The site is hosted, so I don't think that I
    > > can use DSNs, or install anything.

     
    Brian, Mar 7, 2005
    #4
  5. Scott Allen Guest

    Hi Brian:

    Were you assigning the result of String.Replace into a new string?
    Replace doesn't modify the object you invoke the method upon, but
    instead returns a new instance of a string.

    --
    Scott
    http://www.OdeToCode.com/blogs/scott/

    On Sun, 6 Mar 2005 18:53:04 -0800, "Brian"
    <> wrote:

    >Thanks for your posts - on Sunday night no less. :)
    >
    >I'll move forward with the parameter method. Can anyone explain why the
    >replace method failed?
    >
     
    Scott Allen, Mar 7, 2005
    #5
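
An added example, not code from any poster in this thread: the concatenated statement from the question beside a parameterized ADO.NET command, together with the String.Replace behaviour raised in post #5. The `pages` table, the `title` column and the `@title` marker are assumptions made for illustration; ODBC and OLE DB providers use a positional `?` marker instead.

```vbnet
Imports System
Imports System.Data

Module ApostropheDemo
    ' Pattern from the question: the value is spliced into the SQL text, so the
    ' apostrophe in "Joe's Garage" closes the string literal early and the
    ' statement no longer parses. Shown for comparison only.
    Function BuildConcatenatedSql(title As String) As String
        Return "INSERT INTO pages (title) VALUES ('" & title & "')"
    End Function

    ' Parameterized form: the SQL text is a constant and the value is bound
    ' separately, so quotes in the value are never parsed as SQL.
    ' conn is an open connection from whichever ADO.NET provider is in use.
    Function InsertPage(conn As IDbConnection, title As String) As Integer
        Using cmd As IDbCommand = conn.CreateCommand()
            ' Assumption: named marker. ODBC and OLE DB providers take "?" here.
            cmd.CommandText = "INSERT INTO pages (title) VALUES (@title)"
            Dim p As IDbDataParameter = cmd.CreateParameter()
            p.ParameterName = "@title"
            p.DbType = DbType.String
            p.Value = title
            cmd.Parameters.Add(p)
            Return cmd.ExecuteNonQuery()   ' rows affected
        End Using
    End Function

    Sub Main()
        Dim title As String = "Joe's Garage"   ' constructed sample value

        ' String.Replace returns a new string and leaves the original alone,
        ' so a call whose result is discarded changes nothing.
        title.Replace("'", "''")
        Console.WriteLine(BuildConcatenatedSql(title))

        ' Only the assigned result carries the doubled quote. MySQL's own escape
        ' character is the backslash, not the forward slash.
        Dim escaped As String = title.Replace("'", "''")
        Console.WriteLine(BuildConcatenatedSql(escaped))

        ' With a live connection, no escaping is needed at all:
        '   InsertPage(conn, title)
    End Sub
End Module
```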