problem with INSERT statement

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • alexmaster_2004
    #1

    problem with INSERT statement

    hi
    i have made an application using C# that access sql2000.
    this application is just used to insert data to the database.
    i use something like this in my code:
    //
    string colmnA = TextBox1.Text;
    string comlnB = TextBox2.Text;
    string sqlstatment = "INSERT INTO TABLENAME VALUES(" +"'"+colmnA+ "'" + "," +
    "'" + colmnB + "'" + ")";

    everything was fine till someone have entered the following :
    colmnA = "My name'";
    colmnB = "Alex";

    then the INSERT statement is:
    INSERT INTO TABLENAME VALUES('My name'','Alex').
    As you see the second " ' " was the problem.
    i want to know how to avoid this problem.
    Is there is a meean that make the sql to insert the value as "My name'" to
    the DB.
    and not throw exception about the second " ' ".
    Thanks in advance
    Tags: None
    • Marvin Smit
      #2
      Re: problem with INSERT statement

      Hi,

      Little bit off topic in the webservices post.. think SQL would be
      better but...

      You have to escape the ' character if you want it inserted in text.

      Hope this helps,

      Marvin Smit.

      On Mon, 5 Sep 2005 22:03:03 -0700, alexmaster_2004
      <alexmaster2004 @discussions.mi crosoft.com> wrote:
      [color=blue]
      >hi
      >i have made an application using C# that access sql2000.
      >this application is just used to insert data to the database.
      >i use something like this in my code:
      >//
      >string colmnA = TextBox1.Text;
      >string comlnB = TextBox2.Text;
      >string sqlstatment = "INSERT INTO TABLENAME VALUES(" +"'"+colmnA+ "'" + "," +
      >"'" + colmnB + "'" + ")";
      >
      >everything was fine till someone have entered the following :
      >colmnA = "My name'";
      >colmnB = "Alex";
      >
      >then the INSERT statement is:
      >INSERT INTO TABLENAME VALUES('My name'','Alex').
      >As you see the second " ' " was the problem.
      >i want to know how to avoid this problem.
      >Is there is a meean that make the sql to insert the value as "My name'" to
      >the DB.
      >and not throw exception about the second " ' ".
      >Thanks in advance[/color]

        Comment

        • Prakash M
          #3
          RE: problem with INSERT statement

          Hi,

          User command and parameter objects to insert the record. This will solve the
          problem.
          --
          Prakash M


          "alexmaster_200 4" wrote:
          [color=blue]
          > hi
          > i have made an application using C# that access sql2000.
          > this application is just used to insert data to the database.
          > i use something like this in my code:
          > //
          > string colmnA = TextBox1.Text;
          > string comlnB = TextBox2.Text;
          > string sqlstatment = "INSERT INTO TABLENAME VALUES(" +"'"+colmnA+ "'" + "," +
          > "'" + colmnB + "'" + ")";
          >
          > everything was fine till someone have entered the following :
          > colmnA = "My name'";
          > colmnB = "Alex";
          >
          > then the INSERT statement is:
          > INSERT INTO TABLENAME VALUES('My name'','Alex').
          > As you see the second " ' " was the problem.
          > i want to know how to avoid this problem.
          > Is there is a meean that make the sql to insert the value as "My name'" to
          > the DB.
          > and not throw exception about the second " ' ".
          > Thanks in advance[/color]

            Comment

            Previous template Next
            Working...