469,935 Members | 1,609 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,935 developers. It's quick & easy.

replace function in C# part ii

Hi,

I read the thread (2/16/05) regarding a replace function in C# however it
didn't answer my question. I have a string which is building an insert sql
statement and I would like to replace apostrophes of the form fields. I was
trying to do something like this:

string sqlInsertEmails = "insert into tblContent (content, subject) values
('" + Replace(txtBody.Text,"'","''") + "', '" +
Replace(txtSubject.Text,"'","''") + "')";

How can I replace the apostrophe of the form fields (i.e. txtBody.Text)
instead of running a replace function on the entire insert sql statement
which would replace the apostrophes that are needed in the sql statement?

Thanks,

Andy
Nov 19 '05 #1
3 5275
I'm confused. In the code you just posted, you are not calling the
String.Replace() for the entire SQL statement. You are replacing the values
of 2 textboxes, which is what you seem to be asking how to do. Of course,
your example is an unholy mixture of C# and VB syntax. It should read:

string sqlInsertEmails = "insert into tblContent (content, subject) values
"'" +
txtBody.Text.Replace("'", "''") + "', '" +
txtSubject.Text.Replace("'", "''") + "'";

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Neither a follower nor a lender be.

"Andy Sutorius" <an**@sutorius.com> wrote in message
news:JK*********************@twister.southeast.rr. com...
Hi,

I read the thread (2/16/05) regarding a replace function in C# however it
didn't answer my question. I have a string which is building an insert sql
statement and I would like to replace apostrophes of the form fields. I
was
trying to do something like this:

string sqlInsertEmails = "insert into tblContent (content, subject) values
('" + Replace(txtBody.Text,"'","''") + "', '" +
Replace(txtSubject.Text,"'","''") + "')";

How can I replace the apostrophe of the form fields (i.e. txtBody.Text)
instead of running a replace function on the entire insert sql statement
which would replace the apostrophes that are needed in the sql statement?

Thanks,

Andy

Nov 19 '05 #2
Andy:
I'm going to answer this in two parts.

First to answer your question:

"insert into xxx (content, subject) values ('" + txtBody.Text.Replace("'",
"''") + "', '" ....
Secondly, consider using parameterized values instead of concatenation like
this. Do:

someCommand.CommandText = "insert into xxx (content, subject) values (@body,
@subject)"
someCommand.Parameters.Add("@Body", SqlDbType.VarChar, 2048).Value =
txtBody.Text
someCommand.Parameters.Add("@Subject", SqlDbType.VarChar, 128).Value =
txtSibject.Text

you don't need to worry about replace single quotes this way, it provides
more security and can be far more easily replaced with a stored procedure...

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/
"Andy Sutorius" <an**@sutorius.com> wrote in message
news:JK*********************@twister.southeast.rr. com...
Hi,

I read the thread (2/16/05) regarding a replace function in C# however it
didn't answer my question. I have a string which is building an insert sql
statement and I would like to replace apostrophes of the form fields. I was trying to do something like this:

string sqlInsertEmails = "insert into tblContent (content, subject) values
('" + Replace(txtBody.Text,"'","''") + "', '" +
Replace(txtSubject.Text,"'","''") + "')";

How can I replace the apostrophe of the form fields (i.e. txtBody.Text)
instead of running a replace function on the entire insert sql statement
which would replace the apostrophes that are needed in the sql statement?

Thanks,

Andy

Nov 19 '05 #3
Kevin and Karl,

Thank you!

Andy
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:%2****************@TK2MSFTNGP12.phx.gbl...
Andy:
I'm going to answer this in two parts.

First to answer your question:

"insert into xxx (content, subject) values ('" + txtBody.Text.Replace("'",
"''") + "', '" ....
Secondly, consider using parameterized values instead of concatenation like this. Do:

someCommand.CommandText = "insert into xxx (content, subject) values (@body, @subject)"
someCommand.Parameters.Add("@Body", SqlDbType.VarChar, 2048).Value =
txtBody.Text
someCommand.Parameters.Add("@Subject", SqlDbType.VarChar, 128).Value =
txtSibject.Text

you don't need to worry about replace single quotes this way, it provides
more security and can be far more easily replaced with a stored procedure...
Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/
"Andy Sutorius" <an**@sutorius.com> wrote in message
news:JK*********************@twister.southeast.rr. com...
Hi,

I read the thread (2/16/05) regarding a replace function in C# however it didn't answer my question. I have a string which is building an insert sql statement and I would like to replace apostrophes of the form fields. I

was
trying to do something like this:

string sqlInsertEmails = "insert into tblContent (content, subject) values ('" + Replace(txtBody.Text,"'","''") + "', '" +
Replace(txtSubject.Text,"'","''") + "')";

How can I replace the apostrophe of the form fields (i.e. txtBody.Text)
instead of running a replace function on the entire insert sql statement
which would replace the apostrophes that are needed in the sql statement?
Thanks,

Andy


Nov 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by tgh003 | last post: by
5 posts views Thread by galsaba | last post: by
5 posts views Thread by pembed2003 | last post: by
11 posts views Thread by Joe HM | last post: by
5 posts views Thread by int main(void) | last post: by
4 posts views Thread by SirCodesALot | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.