best practice for inserting ' and " chars on database

  • Thread starter: Luminal

Luminal

Greetings,

I'm developing a C# application using Access as the database and I'm having
problems inserting data containing the ' char and the " char. What is
the best practice to insert these chars into the database?

TIA

Lum
 
Lum,

You actually shouldn't be doing it at all. When you have strings that
you need to embed in your SQL statements, create a parameterized query, and
then pass the string to the parameter object itself. The provider will be
responsible for handling the correct quoting for you.

It also adds security to your system overall (you won't be subject to
SQL injection attacks).

Hope this helps.
 
Hi,

Well, I think this helps, but can you give a little example or article
about parameterized queries?

Thanks

Lum
 
Luminal said:
Well, I think this helps, but can you give a little example or article
about parameterized queries?

If you look up SqlCommand.Parameters in MSDN you'll find an example
there. If you're not using SQL Server, look up the equivalent for your
provider.
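
The following is an added example, not code posted by anyone in the thread: a parameterized insert and read-back for an Access database through System.Data.OleDb, the provider equivalent of SqlCommand.Parameters. The database path, the Notes table and its Author and Body columns are hypothetical, and the ACE OLE DB provider is assumed to be installed.

```csharp
using System;
using System.Data.OleDb;

class QuoteSafeInsert
{
    // Hypothetical database path; the Notes table (Author, Body) is assumed to exist.
    const string ConnStr =
        @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\data\example.accdb";

    static int InsertNote(OleDbConnection conn, string author, string body)
    {
        // Unsafe form this replaces (breaks on ' and is open to SQL injection):
        //   "INSERT INTO Notes (Author, Body) VALUES ('" + author + "', '" + body + "')"
        // OleDb uses positional '?' placeholders: values are bound in the order
        // the parameters are added, and the parameter names are ignored.
        const string sql = "INSERT INTO Notes (Author, Body) VALUES (?, ?)";
        using (var cmd = new OleDbCommand(sql, conn))
        {
            cmd.Parameters.Add("@author", OleDbType.VarWChar, 50).Value = author;
            cmd.Parameters.Add("@body", OleDbType.LongVarWChar).Value = body;
            return cmd.ExecuteNonQuery();   // number of rows inserted
        }
    }

    static object ReadBody(OleDbConnection conn, string author)
    {
        // The same rule applies to WHERE clauses: bind the value, never splice it.
        const string sql = "SELECT Body FROM Notes WHERE Author = ?";
        using (var cmd = new OleDbCommand(sql, conn))
        {
            cmd.Parameters.Add("@author", OleDbType.VarWChar, 50).Value = author;
            return cmd.ExecuteScalar();
        }
    }

    static void Main()
    {
        using (var conn = new OleDbConnection(ConnStr))
        {
            conn.Open();
            // Constructed sample values containing both quote characters.
            string author = "O'Brien";
            string body = "He said \"it's 5' 10\\\" tall\" and left.";
            Console.WriteLine("{0} row(s) inserted", InsertNote(conn, author, body));
            Console.WriteLine(ReadBody(conn, author));   // stored text, quotes intact
        }
    }
}
```

Because the values travel as parameter data and never become part of the SQL text, no manual escaping or doubling of quotes is needed.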
 