VB.net Escaping

Stefan Richter

How do I encode double quotes and quotes in a string in VB.NET?
It also has to be safe for MS SQL Server...


Stefan
 
Dan Brussee

If you use stored procedures, you don't need a lot of the quote and
other escaping you need to do otherwise. That being said, the only
"quote" issue you have (no pun intended) is with single quotes. In
this case, double the single quotes. A common way of doing this is
with the Replace method ...

sql = replace(str, "'", "''")

That's a single quote surrounded by double quotes as the 2nd parameter
and two single quotes surrounded by double quotes as the 3rd
parameter.
 
Jon Skeet [C# MVP]

Stefan Richter said:
How do I encode double quotes and quotes in a string in VB.NET?
It also has to be safe for MS SQL Server...

I would recommend avoiding escaping entirely when it comes to SQL
statements - use parameters instead, and you don't need to worry about
formatting or escaping.

You don't have to be using stored procedures to use parameters.

See http://www.pobox.com/~skeet/csharp/faq/#db.parameters for more
information.
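
Added example, not part of the original thread: a VB.NET sketch of the parameter approach recommended above, using System.Data.SqlClient. The table, column and module names are hypothetical, and the sample strings are constructed to contain both single and double quotes.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module ParameterExample

    ' Hypothetical table and column names, used only for this example.
    Private Const InsertSql As String = _
        "INSERT INTO Customers (Name, Comment) VALUES (@name, @comment)"

    ' Builds a command whose values travel as typed parameters, separate
    ' from the SQL text, so quotes in the input need no escaping.
    Function BuildInsert(name As String, comment As String) As SqlCommand
        Dim cmd As New SqlCommand(InsertSql)
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = name
        cmd.Parameters.Add("@comment", SqlDbType.NVarChar, 400).Value = comment
        Return cmd
    End Function

    ' Runs the insert against a server; the connection string comes from the caller.
    Function Save(connectionString As String, name As String, comment As String) As Integer
        Using conn As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildInsert(name, comment)
                cmd.Connection = conn
                conn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed sample input containing both kinds of quote.
        ' In VB.NET source, a double quote inside a literal is written "".
        Dim name As String = "O'Brien"
        Dim comment As String = "a ""quoted"" word; it's fine"

        ' No server is needed to inspect the command: the SQL text stays
        ' constant and the raw strings are held unchanged as parameter values.
        Using cmd As SqlCommand = BuildInsert(name, comment)
            Console.WriteLine(cmd.CommandText)
            For Each p As SqlParameter In cmd.Parameters
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value)
            Next
        End Using
    End Sub

End Module
```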
 
Mattias Sjögren

Stefan,
How do I encode double quotes and quotes in a string in VB.NET?

You include double quotes in a string by doubling them, like this

"a ""quoted"" word"



Mattias
 
