Store " ' " in database
-
Hi All, I wanna store " ' " in data base ....for e.g, "father's" or "isn't", i m using VS 2003 with SQL Server 2000.. so how can i achive this task Thanx Sajjad
-
Hi All, I wanna store " ' " in data base ....for e.g, "father's" or "isn't", i m using VS 2003 with SQL Server 2000.. so how can i achive this task Thanx Sajjad
Use an ADO.Net parameter to pass the data in rather then building the SQL dynamically. If you have to build dyanmic sql, '' gets translated to ', so 'father''s' is stored as father's. This is typically done with a call to Replace("'", "''")
-
Hi All, I wanna store " ' " in data base ....for e.g, "father's" or "isn't", i m using VS 2003 with SQL Server 2000.. so how can i achive this task Thanx Sajjad
-
Use an ADO.Net parameter to pass the data in rather then building the SQL dynamically. If you have to build dyanmic sql, '' gets translated to ', so 'father''s' is stored as father's. This is typically done with a call to Replace("'", "''")
thanx for reply... but i wanna store in database ' father's ' not ' father"s ' i think u understand my point.. thanx
-
insert into values ('''') will insert a single "'" "fathers'''s" or "isn'''t" will do.... dirk
-
thanx for reply... but i wanna store in database ' father's ' not ' father"s ' i think u understand my point.. thanx
imshally81 wrote: but i wanna store in database ' father's ' not ' father"s ' That's what I told you how to do. '' is a string escape code for ' in sql just like \t for tab in C or "" for " in VB.
I can imagine the sinking feeling one would have after ordering my book, only to find a laughably ridiculous theory with demented logic once the book arrives - Mark McCutcheon
-
-
Hi All, I wanna store " ' " in data base ....for e.g, "father's" or "isn't", i m using VS 2003 with SQL Server 2000.. so how can i achive this task Thanx Sajjad
Use a parameterised query to store the information, they it will permit you to put in the apostrophe character. I have a blog entry (http://blogs.wdevs.com/colinangusmackay/archive/2004/09/25/652.aspx[^])that shows going from injecting values in SQL to using a parameterised query to do the same thing. You will find that if you do that you don't have to worry about the apostrophes any more because the framework will handle that for you. You should also take care in your code so you don't expose it to the possibility of SQL Injection Attacks. The symptoms of the problem you currently describe show that your code is vulnerable to attack and should be corrected. I also wrote an article about that (SQL Injection Attacks and Tips on How to Prevent Them[^]) Does this help?
My: Blog | Photos WDevs.com - Open Source Code Hosting, Blogs, FTP, Mail and More