Can you help me?

abglorie

I want some idea from your briliant mind. My dout as how to insert or update a string value using sql quries. the string value as Women's Studies Now use this Dim mystring as string = "Women's Studies" MySql = "INSERT into tblName (Dept) values ('" & mystring & "')" or MySql = "UPDATE tblName SET Dept='" & mystring & "' where dept='Womens Studies'" in above quries not working. How to possible it? Please give an example. Thanking you in advance. abglorie

Parwej Ahamad

What the exception are throwing ?

/***********************/ Parwej Ahamad g.parwez@gmail.com /***********************/

abglorie

The exception is Incorrect syntax near 'S'. Unclosed quotation mark before the character string ''.

N a v a n e e t h

Print the variable MySql before you execute them. You will find the error then. Also your code is open for SQL Injection. Read articles about SQL injection and change your query.

All C# applications should call Application.Quit(); in the beginning to avoid any .NET problems.- Unclyclopedia My Website | Ask smart questions

abglorie

Please give me an example.

N a v a n e e t h

abglorie wrote:

Please give me an example.

Example for ?

All C# applications should call Application.Quit(); in the beginning to avoid any .NET problems.- Unclyclopedia My Website | Ask smart questions

Imran Khan Pathan

abglorie wrote:

Dim mystring as string = "Women's Studies"

Replcae "'" to "`" and insert into database. At retriving from database, Replace "`" into "'" for example Dim mystring as string = "Women's Studies" mystring =mystring.replace("'","`"); MySql = "INSERT into tblName (Dept) values ('" & mystring & "')" .......

please don't forget to vote on the post that helped you.

J4amieC

if you use parameterised queries it solves both a) The apostrophe problem and b) the sql injection vulnerability problem.