update help

  • Thread starter Thread starter Mike
  • Start date Start date
M

Mike

I have an update page and on the page there are sometimes names with 's
(car's) in it
When I try to update it i get a syntax error. How can i update the record
with a 's (car's) in the name?

thx
 
Hi Mike,

I think John's suggestion is quite reasonable, in the sql statement ,some
characters are not allowed in it ,such as the single quote ' , and
generally we have to replace it with other char. If we use the sqlcomand 's
parameters to set the value, it'll automatically replace for us. Also, use
parameters is has more to do on security as John has mentiond. And here is
another tech article in MSDN discussing on this:

#Secure ADO.NET Coding Guidelines
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconsecureadonetcoding
guidelines.asp?frame=true

Hope also helps. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
 
You may also replace a single quote with 2 single quotes like this

Replace(strVal,"'", "''")

or use bind variables as denoted in the previous reply


Regards,

Trevor Benedict R

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!
 
Back
Top