Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Code Project
CODE PROJECT For Those Who Code
  • Home
  • Articles
  • FAQ
Community
  1. Home
  2. Web Development
  3. ASP.NET
  4. How to insert a string variable with " ' "(single qoutation) into database(sql server 2005

How to insert a string variable with " ' "(single qoutation) into database(sql server 2005

Scheduled Pinned Locked Moved ASP.NET
databasehelptutorialsql-serversysadmin
5 Posts 5 Posters 0 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N Offline
    N Offline
    Nekkantidivya
    wrote on last edited by
    #1

    Hi, I need to insert a string variable with '(single quotations)into the sql server 2005 database. I tried to insert it in the normal method. But I am getting an error while inserting it. For example string str="Hi 'Please help me' programers"; SqlCommand cmd1 = new SqlCommand("INSERT into Table1(Message) values('"+str+"')",con); I have to insert the exact string without any modifications into the database. Please if anyone know solution please help me. Thank you.

    G S M 3 Replies Last reply
    0
    • N Nekkantidivya

      Hi, I need to insert a string variable with '(single quotations)into the sql server 2005 database. I tried to insert it in the normal method. But I am getting an error while inserting it. For example string str="Hi 'Please help me' programers"; SqlCommand cmd1 = new SqlCommand("INSERT into Table1(Message) values('"+str+"')",con); I have to insert the exact string without any modifications into the database. Please if anyone know solution please help me. Thank you.

      G Offline
      G Offline
      Gaurav K Singh
      wrote on last edited by
      #2

      Use double single quote in place of one single quote

      The miracle is this--the more we share, the more we have.

      1 Reply Last reply
      0
      • N Nekkantidivya

        Hi, I need to insert a string variable with '(single quotations)into the sql server 2005 database. I tried to insert it in the normal method. But I am getting an error while inserting it. For example string str="Hi 'Please help me' programers"; SqlCommand cmd1 = new SqlCommand("INSERT into Table1(Message) values('"+str+"')",con); I have to insert the exact string without any modifications into the database. Please if anyone know solution please help me. Thank you.

        S Offline
        S Offline
        sumit7034
        wrote on last edited by
        #3

        Try this SqlCommand sqlCmd = new SqlCommand("INSERT into Table1(Message) values @str ", dbConn); sqlCmd.Parameters.AddWithValue("@str", str);

        A 1 Reply Last reply
        0
        • N Nekkantidivya

          Hi, I need to insert a string variable with '(single quotations)into the sql server 2005 database. I tried to insert it in the normal method. But I am getting an error while inserting it. For example string str="Hi 'Please help me' programers"; SqlCommand cmd1 = new SqlCommand("INSERT into Table1(Message) values('"+str+"')",con); I have to insert the exact string without any modifications into the database. Please if anyone know solution please help me. Thank you.

          M Offline
          M Offline
          Member 1021252
          wrote on last edited by
          #4

          you can use some other symbol and replace it at time of rendering the value for that. For example before inserting replace with say # and while rendering change it back to ' Hope this helps Puneet

          1 Reply Last reply
          0
          • S sumit7034

            Try this SqlCommand sqlCmd = new SqlCommand("INSERT into Table1(Message) values @str ", dbConn); sqlCmd.Parameters.AddWithValue("@str", str);

            A Offline
            A Offline
            Abhishek Sur
            wrote on last edited by
            #5

            I think sumit's answer is the best one... using SqlParameters will remove the possibility of sql injection as well.:rose:

            Abhishek Sur My Latest Articles Basics on LINQ and Lambda Expressions
            Create .NET Templates

            1 Reply Last reply
            0
            Reply
            • Reply as topic
            Log in to reply
            • Oldest to Newest
            • Newest to Oldest
            • Most Votes

            • Login
            • Don't have an account? Register
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • World
            • Users
            • Groups