Why don't you use parameterized queries, or stored Procedures?
That way, you don't need to worry about things like this, and your
application will be more secure also.
David Wier
http://aspnet101.com http://iWritePro.com - One click PDF, convert .doc/.rtf/.txt to HTML with no
bloated markup
"mister-Ed" <27**@cox.netwrote in message
news:11**********************@57g2000hsv.googlegro ups.com...
>I have a datagrid, and when initializing my field variables, I need to
double up apostrophes so they are accepted into SQL dbase. In the line
below, i'm trying to do this with the Replace function, but i still
get an error when entering an apostrophe:
Dim sCompany As String = CType(e.Item.FindControl("textbox3"),
textbox).Text.Replace("'", "''")
???
Mr. Ed