Escaping apostrophes inserting into sql


mister-Ed

I have a datagrid, and when initializing my field variables, I need to
double up apostrophes so they are accepted into SQL dbase. In the line
below, I'm trying to do this with the Replace function, but I still
get an error when entering an apostrophe:

Dim sCompany As String = CType(e.Item.FindControl("textbox3"), TextBox).Text.Replace("'", "''")

???
Mr. Ed
 

David Wier

Why don't you use parameterized queries, or stored procedures?
That way, you don't need to worry about things like this, and your
application will be more secure also.

David Wier
http://aspnet101.com
http://iWritePro.com - One click PDF, convert .doc/.rtf/.txt to HTML with no
bloated markup
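
Added example, not part of the thread: a parameterized UPDATE for the company field from the question, so the textbox value is passed unmodified and no Replace("'", "''") is needed. The table Companies, the columns CompanyID and CompanyName, the grid name DataGrid1 and the connection string are assumptions, since the thread does not show the schema.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module CompanyData

    ' Hypothetical schema: Companies(CompanyID INT, CompanyName NVARCHAR(100)).
    ' The SQL text is a constant; user input never becomes part of it.
    Private Const UpdateSql As String = _
        "UPDATE Companies SET CompanyName = @CompanyName WHERE CompanyID = @CompanyID"

    ' Binds the values as typed parameters. An apostrophe in "company"
    ' (for example O'Brien) travels as data and cannot end the string literal.
    Public Function BuildUpdateCommand(ByVal conn As SqlConnection, _
                                       ByVal companyId As Integer, _
                                       ByVal company As String) As SqlCommand
        Dim cmd As New SqlCommand(UpdateSql, conn)
        cmd.Parameters.Add("@CompanyName", SqlDbType.NVarChar, 100).Value = company
        cmd.Parameters.Add("@CompanyID", SqlDbType.Int).Value = companyId
        Return cmd
    End Function

    ' Runs the update and returns the number of rows affected.
    Public Function UpdateCompany(ByVal connectionString As String, _
                                  ByVal companyId As Integer, _
                                  ByVal company As String) As Integer
        Using conn As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildUpdateCommand(conn, companyId, company)
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

End Module

' In the DataGrid update handler (names other than textbox3 are hypothetical):
'   Dim sCompany As String = CType(e.Item.FindControl("textbox3"), TextBox).Text
'   Dim id As Integer = CInt(DataGrid1.DataKeys(e.Item.ItemIndex))
'   CompanyData.UpdateCompany(connectionString, id, sCompany)
```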
 
