Escaping apostrophe when inserting into sql database

M

mister-Ed

I have a datagrid, and when initializing my field variables, I need to
double up apostrophes so they are accepted into SQL dbase. In the line
below, i'm trying to do this with the Replace function, but i still
get an error when entering an apostrophe:

Dim sCompany As String = CType(e.Item.FindControl("textbox3"),
textbox).Text.Replace("'", "''")

???
Mr. Ed
 
G

Guest

mister-Ed,

If you use parameters to supply variable data then you should not need to
worry about escaping apostrophes.

Parameters will also help guard agains SQL Injection attacks.

Kerry Moorman
 
P

Phill W.

mister-Ed said:
I need to double up apostrophes so they are accepted into SQL dbase.
In the line below, i'm trying to do this with the Replace function,
but i still get an error when entering an apostrophe:
Click to expand...

As ever ... /what/ error???
Dim sCompany As String = CType(e.Item.FindControl("textbox3"),
textbox).Text.Replace("'", "''")
Click to expand...

That could get you a NullReferenceException, a TypeCastException, or any
others that the Framework might feel like throwing at you.

Dim sCompany As String = String.Empty
Dim tb as TextBox _
= DirectCast( e.Item.FindControl("textbox3") )
If Not ( tb Is Nothing ) Then
sCompany = tb.Text
End If

sSQL = "update ... "
& set ... = '" & sCompany.Replace("'", "''") & "'"

HTH,
Phill W.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Escaping apostrophes inserting into sql 1
Using SQL to replace an apostrophe 1
SQL apostrophe question 3
VBA Find and Replace isn't working on apostrophe within cell value 2
How to read from data list it value into a label? 6
Datagrid inserts blank space into textboxes? 1
Inserting data to MS SQL Database 2
Best way to 'secure' SQL entries (stray quotes and such) 4

Top