Use of apostrophe in string

mcm

The use of apostrophes in a textbox, when using collaboration with a SQL statement causes trouble - i was wondering if theres any way to get around this - ie when inserting a value that contains an apostrophe, to omit it before using the SQL insert statement. Any help would be greatly appreciated!

paul_b

You can use StringVar=StringVar.Replace("'", "") to remove the apostrophe from your string (where StringVar is your variable). There may be something more elegant, but this has worked for me.

Brian Lehmann

You may want to think about using a parameterized query to pass the values into your SQL statement. Using the SQL Server data provider, it would look something like this:

Dim sql As String = "INSERT INTO Test (lname) VALUES (@LastName);" Dim cn As New SqlConnection(cnString) Dim cmd As New SqlCommand(sql, cn) cmd.Parameters.Add("@LastName", SqlDbType.VarChar).Value = Me.TextBox2.Text cn.Open() cmd.ExecuteNonQuery() cn.Close()

Doing it this way will save you the trouble of replacing characters in each input field and will help protect against some forms of SQL Injection attacks. However, it won't get you out of validating input for other constraints such as length, etc.

Hope that helps!

RichardGrimmer

If you're trying to insert into a database, just double-up the quotes, so : INSERT INTO table VALUES 'O'Connor' becomes INSERT INTO table VALUES 'O'**'**Connor' have some functions to do this, or just use a replace. This approach has the advantage that the string is stored with the apostrophe in place "Now I guess I'll sit back and watch people misinterpret what I just said......" Christian Graus At The Soapbox