Cannot insert single quote '' - in SQL Server from ASP.NET forms

  • Hi,

    I designed my table like this.

    tablename - tblBulletin

    field - filename(varchar), title(varchar), summary(varchar)

    This is my SQL statement in ASP.NET programming (C#):

    string insert_bulletin;

    insert_bulletin = "INSERT INTO tblBulletin(filename, title, summary) VALUES ";

    insert_bulletin += "('" + filename.ToString().Trim() + "',";

    insert_bulletin +="'" + txtTitle.Text.ToString().Trim() + "',";

    insert_bulletin +="'" + txtSummary.Text.ToString().Trim() + "')";

    Consider this, all data is successfully inserted, when I'm trying to insert

    filename = test.html

    title = Tan Sri Dato' Hasan Kamil

    summary = why we do the process 'anihilation'

    --> My problem is MS SQL Server 2000 can't insert the title and summary because of the single quote... What should I do? Please help me.

  • Replace any single quote instances with two single quotes in your variables.

    I should also use a stored procedure and use whatever the .NET equivalent of a Command object is (SQLCommand?) to pass in parameters.

    I seem to remember that .NET has a specific function that escapes dodgy characters in VARCHARS.
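
The parameter-passing approach mentioned in the reply, shown beside the concatenation from the question. This is an added example, not code from either poster. It assumes `System.Data.SqlClient`, a connection string passed as the first command-line argument, and parameter lengths that are guesses at the column sizes.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class BulletinInsertExample
{
    // Concatenation as in the question: a quote inside a value ends the SQL string literal early.
    static string BuildConcatenated(string filename, string title, string summary)
    {
        return "INSERT INTO tblBulletin(filename, title, summary) VALUES ('"
            + filename + "','" + title + "','" + summary + "')";
    }

    // Parameterized form: values travel separately from the SQL text, so quotes need no escaping
    // and input can never be parsed as part of the statement.
    static SqlCommand BuildParameterized(SqlConnection conn, string filename, string title, string summary)
    {
        SqlCommand cmd = new SqlCommand(
            "INSERT INTO tblBulletin(filename, title, summary) VALUES (@filename, @title, @summary)", conn);
        // Lengths are assumptions; match them to the real varchar column definitions.
        cmd.Parameters.Add("@filename", SqlDbType.VarChar, 255).Value = filename;
        cmd.Parameters.Add("@title", SqlDbType.VarChar, 255).Value = title;
        cmd.Parameters.Add("@summary", SqlDbType.VarChar, 4000).Value = summary;
        return cmd;
    }

    static void Main(string[] args)
    {
        // Sample values taken from the question.
        string filename = "test.html";
        string title = "Tan Sri Dato' Hasan Kamil";
        string summary = "why we do the process 'anihilation'";

        // Prints the malformed statement the server would receive from the concatenated version.
        Console.WriteLine(BuildConcatenated(filename, title, summary));

        if (args.Length == 0) return; // no connection string supplied: stop after the printout

        using (SqlConnection conn = new SqlConnection(args[0]))
        using (SqlCommand cmd = BuildParameterized(conn, filename, title, summary))
        {
            conn.Open();
            Console.WriteLine(cmd.ExecuteNonQuery() + " row(s) inserted");
        }
    }
}
```

Doubling the quotes by hand makes this particular insert succeed, but every value concatenated into the statement still has to be escaped correctly at every call site; with parameters the statement text is fixed and there is nothing to escape.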
