replace function in C# part ii

Discussion in 'ASP .Net' started by Andy Sutorius, Feb 22, 2005.

  1. Hi,

    I read the thread (2/16/05) regarding a replace function in C#; however, it
    didn't answer my question. I have a string which is building an insert SQL
    statement, and I would like to replace apostrophes of the form fields. I was
    trying to do something like this:

    string sqlInsertEmails = "insert into tblContent (content, subject) values
    ('" + Replace(txtBody.Text,"'","''") + "', '" +
    Replace(txtSubject.Text,"'","''") + "')";

    How can I replace the apostrophe of the form fields (i.e. txtBody.Text)
    instead of running a replace function on the entire insert sql statement
    which would replace the apostrophes that are needed in the sql statement?

    Thanks,

    Andy
    Andy Sutorius, Feb 22, 2005
    #1

  2. I'm confused. In the code you just posted, you are not calling the
    String.Replace() for the entire SQL statement. You are replacing the values
    of 2 textboxes, which is what you seem to be asking how to do. Of course,
    your example is an unholy mixture of C# and VB syntax. It should read:

    string sqlInsertEmails = "insert into tblContent (content, subject) values ('" +
    txtBody.Text.Replace("'", "''") + "', '" +
    txtSubject.Text.Replace("'", "''") + "')";

    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    .Net Developer
    Neither a follower nor a lender be.

    Kevin Spencer, Feb 22, 2005
    #2

  3. Andy:
    I'm going to answer this in two parts.

    First to answer your question:

    "insert into xxx (content, subject) values ('" + txtBody.Text.Replace("'",
    "''") + "', '" ....


    Secondly, consider using parameterized values instead of concatenation like
    this. Do:

    someCommand.CommandText = "insert into xxx (content, subject) values (@body, @subject)";
    someCommand.Parameters.Add("@body", SqlDbType.VarChar, 2048).Value = txtBody.Text;
    someCommand.Parameters.Add("@subject", SqlDbType.VarChar, 128).Value = txtSubject.Text;

    You don't need to worry about replacing single quotes this way; it provides
    more security and can be far more easily replaced with a stored procedure...

    Karl

    --
    MY ASP.Net tutorials
    http://www.openmymind.net/


    Karl Seguin, Feb 22, 2005
    #3
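
An added example, not code from the thread or from any of its posters: the parameterized insert suggested in the reply above, wrapped in a complete ADO.NET method. The `ContentStore` class, the `InsertContent` method and the connection string are assumptions; the table, columns and sizes come from the posts. It also rejects oversized input, because a `SqlParameter` with a declared size truncates a longer value without raising an error.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class (not from the thread).
public static class ContentStore
{
    // Sizes match the parameter declarations in the reply above.
    private const int MaxBody = 2048;
    private const int MaxSubject = 128;

    // Inserts one row using bound parameters only; returns the number of rows affected.
    public static int InsertContent(string connectionString, string body, string subject)
    {
        if (body == null) throw new ArgumentNullException(nameof(body));
        if (subject == null) throw new ArgumentNullException(nameof(subject));

        // A SqlParameter with an explicit Size silently cuts off longer values,
        // so fail loudly here instead of storing a truncated string.
        if (body.Length > MaxBody)
            throw new ArgumentException("Body exceeds " + MaxBody + " characters.", nameof(body));
        if (subject.Length > MaxSubject)
            throw new ArgumentException("Subject exceeds " + MaxSubject + " characters.", nameof(subject));

        // The statement text is a constant: user input never becomes part of it,
        // so apostrophes in the form fields need no Replace() call.
        const string sql =
            "insert into tblContent (content, subject) values (@body, @subject)";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Values travel to the server as typed data, separate from the SQL text.
            cmd.Parameters.Add("@body", SqlDbType.VarChar, MaxBody).Value = body;
            cmd.Parameters.Add("@subject", SqlDbType.VarChar, MaxSubject).Value = subject;

            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

From the page's code-behind this would be called as `ContentStore.InsertContent(connectionString, txtBody.Text, txtSubject.Text)`, with the form field text passed through unmodified.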
  4. Kevin and Karl,

    Thank you!

    Andy


    Andy Sutorius, Feb 22, 2005
    #4