SQL Insert Command - Field with Punctuation

  • Thread starter Thread starter B-Dog
  • Start date Start date
B

B-Dog

I have a vb form that I'm using to insert some data off the fields in the
sql server but if any of the field have punctuation like comma, dash,
apostrophe's it throws an error on insert. Any ideas, why? All the fields
in the database and dataset except for ID and Date are strings. Here is my
insert command. Thanks

Dim sqlInsert As String = "INSERT INTO Files ( FileName, Link, Description,
WO, sTo, WONumber, " _
& "Client, FileTo, FileFrom) SELECT '" & filename & "', '" & link & "', '" &
fDescription.Text & "', '" & wo & "', '" _
& fDistribution.Text & "', '" & woNumber & "', '" & client & "', '" &
fTo.Text & "', '" & fFrom.Text & "'"
 
Don't use string concatenation from queryes, it's a bad pratice.

Use somewath like this:

Dim sqlInsert As String = "INSERT INTO Files ( FileName, Link, Description,
WO, sTo, WONumber, Client, FileTo, FileFrom) VALUES( @FileName, @Link,
@Description,
@WO, @sTo, @WONumber, @Client, @FileTo, @FileFrom)

Dim cmd as SqlCommand=new SqlCommand(sqlInsert ,connection)

cmd.Parameters.Add("@FileName",filename)
cmd.Parameters.Add("@Link",link)
.....
cmd.ExecuteNonQuery()

It should work.
I suggest you to use always parameters instead of string concatenation.

Excuse me for my bad english.
 
Add a Semicolon at the end of each line and just change the declaration ie
SqlCommand cmd = new SqlCommand(sqlInsert, connection);

Definitely want to avoid the dynamic sql - nothing but drama if you're not
using parameters.
 
Thanks, I'll give it a try.


Cirrosi said:
Don't use string concatenation from queryes, it's a bad pratice.

Use somewath like this:

Dim sqlInsert As String = "INSERT INTO Files ( FileName, Link, Description,
WO, sTo, WONumber, Client, FileTo, FileFrom) VALUES( @FileName, @Link,
@Description,
@WO, @sTo, @WONumber, @Client, @FileTo, @FileFrom)

Dim cmd as SqlCommand=new SqlCommand(sqlInsert ,connection)

cmd.Parameters.Add("@FileName",filename)
cmd.Parameters.Add("@Link",link)
....
cmd.ExecuteNonQuery()

It should work.
I suggest you to use always parameters instead of string concatenation.

Excuse me for my bad english.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

how to get the id of the inserted datarow? 3
Cannot insert record 2
Image Field and "Object must implement IConvertible" 1
inserting ' into a record, then searching on it 2
DataAdapter.Update calling Insert Command with DbNull values 2
Question on the replace function for Inserting into SQL 5
SQL Update/Insert - problem with Apostrophes 1
[MSSQL] [WebService] Last inserted ID in transaction 6

Back
Top