Escape Single Quote
-
Hi, is there a simple method to place two single quotes anywhere there is a single quote so that single quotes can be inserted into a database? Currently I have been searching through each string (textbox, or whatever it may be) and manually (looking at each character in the string) replacing the single quote with two single quotes. I have also tried the Replace function but that does not appear to change the single quotes. If anyone has experienced this please pass on your knowledge or point me in the right direction. Thanks Joe
-
If you use parameterised queries you can get around this problem. Also, parameterised queries are more secure as they are less susceptible to injection attacks.
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell Not getting the response you want from a question asked in an online forum: How to Ask Questions the Smart Way!
-
I use replace() for this all the time... Replace("'", "''")
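Added example, not part of any post in this thread: a side-by-side of raw concatenation, the `Replace("'", "''")` doubling, and a parameterised query, showing what each one actually stores. The thread names no language or database, so Python with an in-memory SQLite table is an assumption here, and the table name, function names and sample strings are constructed for illustration.

```python
import sqlite3

# Constructed sample inputs: a name with an apostrophe, text that already
# contains a doubled quote, and quote-heavy text shaped like SQL.
SAMPLES = ["O'Donnell", "it''s", "' OR '1'='1"]

def new_db():
    # In-memory SQLite table standing in for the poster's database (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    return conn

def store_concatenated(value, escape=False):
    """Build the INSERT by string concatenation; optionally double the quotes first."""
    conn = new_db()
    literal = value.replace("'", "''") if escape else value
    try:
        conn.execute("INSERT INTO people (name) VALUES ('" + literal + "')")
    except sqlite3.Error:
        return None  # statement rejected: the quote broke the SQL text
    return conn.execute("SELECT name FROM people").fetchone()[0]

def store_parameterised(value):
    """Constant SQL text; the value is bound separately and never parsed as SQL."""
    conn = new_db()
    conn.execute("INSERT INTO people (name) VALUES (?)", (value,))
    return conn.execute("SELECT name FROM people").fetchone()[0]

def compare():
    # For each sample: (raw concatenation, Replace-style doubling, bound parameter)
    return {s: (store_concatenated(s),
                store_concatenated(s, escape=True),
                store_parameterised(s)) for s in SAMPLES}

if __name__ == "__main__":
    for sample, results in compare().items():
        print(repr(sample), "->", results)
```

Raw concatenation either fails outright or silently stores something other than the input, because the value is parsed as part of the statement. Doubling round-trips in this SQLite case only when it is applied at every call site, while the bound parameter needs no escaping at all.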
-
If you use parameterised queries you can get around this problem. Also, parameterised queries are more secure as they are less susceptible to injection attacks.
And they are much faster too, since the SQL (which has to be compiled) can be cached for every request. There's simply no excuse for not using them! :)
-
Hugo Hallman wrote: "they are much faster too" Good point! I keep forgetting that. I still have this mindset that you have to make a stored procedure to have the SQL cached in a pre-compiled state.