
problem with sending (') as string

    Pankaj18
    wrote on last edited by
    #1

    Hi, I have a problem. I have designed a web page in ASP.NET 3.5. I have a TextBox and a button; the user is expected to write some comment in the TextBox. The TextBox can also have a comment pattern including a ('). On the click of the button, the data in the TextBox will be inserted into SQL. Now the problem is: as you know, if you insert something in Varchar it has to be enclosed in ('), but in the above case, due to the (') in the string itself, there will be an error. So, is there a way to insert the data in SQL? Thanks, Pankaj

      Lost User
      wrote on last edited by
      #2

      Pankaj18 wrote:

      So, is there a way to insert the data in SQL.

      Yup, use parameterized queries;

      // Update the demographics for a store, which is stored
      // in an xml column.
      string commandText = "UPDATE Sales.Store SET Demographics = @demographics "
      + "WHERE CustomerID = @ID;";

      using (SqlConnection connection = new SqlConnection(connectionString))
      {
          SqlCommand command = new SqlCommand(commandText, connection);
          command.Parameters.Add("@ID", SqlDbType.Int);
          command.Parameters["@ID"].Value = customerID;
      
          // Use AddWithValue to assign Demographics.
          // SQL Server will implicitly convert strings into XML.
          command.Parameters.AddWithValue("@demographics", demoXml);
      
          try
          {
              connection.Open();
              Int32 rowsAffected = command.ExecuteNonQuery();
              Console.WriteLine("RowsAffected: {0}", rowsAffected);
          }
          catch (Exception ex)
          {
              Console.WriteLine(ex.Message);
          }
      }
      

      (Sample taken from MSDN)

      I are Troll :suss:

        David Skelly
        wrote on last edited by
        #3

        Use a parameterized query. http://aspnet101.com/aspnet101/tutorials.aspx?id=1

          David Skelly
          wrote on last edited by
          #4

          Damn, if only I could type faster, I would have got there first.

            Lost User
            wrote on last edited by
            #5

            Next time you'll be the first to hit the submit-button, it's a small gambling machine. Anyway, I like it when a post gets (roughly) the same answer multiple times. Always a good sign if more than two developers agree on a solution :)

            I are Troll :suss:

              Rob Philpott
              wrote on last edited by
              #6

              If you're not familiar with SQL Injection, which is a security issue, have a read about it. As others suggest you should always parameterize stuff like this rather than construct a string to do it, otherwise you might find your database missing one day...

              Regards, Rob Philpott.
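
Added example, not part of the original thread or any poster's code: the asker's TextBox insert written both ways, showing why the concatenated statement fails on an apostrophe and how the parameterized form avoids it. The table `dbo.Comments`, its `Body` column, the class and method names, and the `COMMENTS_DB` environment variable are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class CommentStore
{
    // Hypothetical table for this example: dbo.Comments(Body nvarchar(4000)).

    // "Before": the statement text is built from the TextBox value, so an
    // apostrophe in the input ends the string literal early.
    public static string BuildConcatenated(string comment)
    {
        return "INSERT INTO dbo.Comments (Body) VALUES ('" + comment + "');";
    }

    // "After": the statement text is constant; the value travels separately
    // as a typed parameter and is never parsed as SQL.
    public static int InsertComment(string connectionString, string comment)
    {
        const string sql = "INSERT INTO dbo.Comments (Body) VALUES (@body);";
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand(sql, connection))
        {
            // Explicit type and size rather than AddWithValue, so the
            // parameter always matches the column definition.
            command.Parameters.Add("@body", SqlDbType.NVarChar, 4000).Value = comment;
            connection.Open();
            return command.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        string comment = "It's the user's comment"; // constructed sample input

        // Show the malformed statement text: the literal closes right after
        // "It", which is the error described in the question.
        Console.WriteLine(BuildConcatenated(comment));

        // Hypothetical environment variable holding a SQL Server connection string;
        // the insert only runs when it is set.
        string cs = Environment.GetEnvironmentVariable("COMMENTS_DB");
        if (!string.IsNullOrEmpty(cs))
            Console.WriteLine("Rows inserted: {0}", InsertComment(cs, comment));
    }
}
```

In the page's button click handler, the call would pass the TextBox's `Text` property as `comment`; no quote doubling or other escaping of the input is needed.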
