I have a problem with inserting a string with single quotes. For instance,
string testme = "we don't have anything";
insert into tableone (buff) values ("'" + testme + "'");
I get an error with the word "don't" with single quote. But if I delete the single quote "dont" then it is okay. Is is a bug in sql 2005? Please help. Thanks.
blumonde
The best bet is to use parameters. Building the SQL String as you are can cause all sorts of problems.
Absent that, you need to "Escape" the apostrophe. SO, do the following...
string testme = "we don''t have anything";
Note there are 2 apostrophes in a row...
|||
douglas.reilly:
The best bet is to use parameters. Building the SQL String as you are can cause all sorts of problems.
Absent that, you need to "Escape" the apostrophe. SO, do the following...
string testme = "we don''t have anything";
Note there are 2 apostrophes in a row...
Hi Douglas,
The problem is that end-users write those statements and hit insert. And they don't type two apostrophes. I can't "escape" it. Thanks.
blumonde
|||You then have two choices.
1.Use parameters.
2. Search the string for ' and replace it with '' (two apostrophes). Of course users are not going to use two apostrophes.
|||
You then have two choices.
1.Use parameters.
2. Search the string for ' and replace it with '' (two apostrophes). Of course users are not going to use two apostrophes.
I will try using parameter first. Thanks.
blumonde
|||Parameters did it for me. Thanks.
blumonde
No comments:
Post a Comment