Basic Insert Please correct
-
string sInsert = "insert into temp11 values ('This is my test data's ')";
SqlConnection sqlcon = new SqlConnection(ConfigurationSettings.AppSettings["DBConnection"]);
sqlcon.Open();
SqlCommand objcmd = new SqlCommand(sInsert,sqlcon);
objcmd.ExecuteNonQuery();
It failed because there is an "'" inside the text. I tried to use
sInsert = sInsert.Replace("'","''");
but still failed.
-
You should use parameterized queries to do this. They are far less prone to SQL injection attacks and don't have problems with special characters inside your query strings, too.
Regards, mav
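
The parameterized form of the insert from the question, as an added example that is not part of the original thread. The @text parameter name, the nvarchar(4000) column type and the sample strings are assumptions; the table name and the DBConnection setting come from the question.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

class ParameterizedInsertExample
{
    // Inserts one value into temp11. The text travels as a parameter value,
    // so the server never parses it as part of the SQL statement.
    static int InsertText(string connectionString, string text)
    {
        const string sql = "insert into temp11 values (@text)";
        using (SqlConnection sqlcon = new SqlConnection(connectionString))
        using (SqlCommand objcmd = new SqlCommand(sql, sqlcon))
        {
            // Assumption: the target column is nvarchar and 4000 characters is enough.
            objcmd.Parameters.Add("@text", SqlDbType.NVarChar, 4000).Value = text;
            sqlcon.Open();
            return objcmd.ExecuteNonQuery(); // number of rows affected
        }
    }

    static void Main()
    {
        // Same configuration key as in the question.
        string cs = ConfigurationSettings.AppSettings["DBConnection"];

        // Constructed sample values: quotes, doubled quotes and comment
        // markers are all stored exactly as written, with no escaping.
        string[] samples =
        {
            "This is my test data's ",
            "O'Brien's ''quoted'' note",
            "semicolons; and -- dashes stay plain text"
        };
        foreach (string s in samples)
            Console.WriteLine("{0} row(s) inserted for: {1}", InsertText(cs, s), s);

        // Why the Replace attempt in the question failed: it ran over the whole
        // statement, so the quotes that delimit the literal were doubled as well.
        string sInsert = "insert into temp11 values ('This is my test data's ')";
        Console.WriteLine(sInsert.Replace("'", "''"));
    }
}
```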