The problem that i am having is when ever i input text in format like O'Neal as lastname then my code breaks and gives me following error Incorrect syntax near 'Neal'. Unclosed quotation mark before the character string ''.
If i remove ( ' ) from the Input the code works. How do i solve this? Please advice. -
-
string strSql = " Update Drivers SET CarrierID =@carrierid, LastName =@lastname, FirstName =@firstname, Address =@address, City =@city," +
-
"StateID =@stateid, ZipCode =@zipcode, CellAreaCode =@cellareacode, CellPrefix =@cellprefix, CellPhone =@cellphone, "+
-
"HomeAReaCode =@homeareacode, HomePrefix =@homeprefix, HomePhone =@homephone, FaxAreaCode =@faxareacode, FaxPrefix =@faxprefix," +
-
"Fax =@fax, TruckNumber =@trucknumber where driverid = " + DriverID;
-
-
SqlConnection conn = new SqlConnection();
-
String constr = ConfigurationManager.ConnectionStrings[("USBSRVR")].ConnectionString;
-
conn = new SqlConnection(constr);
-
SqlCommand mycommand = new SqlCommand(strSql, conn);
-
-
//adding sqlparameters
-
#region parameters
-
-
SqlParameter carrier = new SqlParameter("@carrierid", SqlDbType.Int);
-
mycommand.Parameters.Add(carrier);
-
mycommand.Parameters["@carrierid"].Value = CarrierID;
-
-
SqlParameter Last = new SqlParameter("@lastname", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(Last);
-
mycommand.Parameters["@lastname"].Value = LastName;
-
-
SqlParameter First = new SqlParameter("@firstname", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(First);
-
mycommand.Parameters["@firstname"].Value = FirstName;
-
-
SqlParameter addres = new SqlParameter("@address", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(addres);
-
mycommand.Parameters["@address"].Value = Address;
-
-
SqlParameter drivercity = new SqlParameter("@city", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(drivercity);
-
mycommand.Parameters["@city"].Value = City;
-
-
SqlParameter driverstate = new SqlParameter("@StateID", SqlDbType.Int);
-
mycommand.Parameters.Add(driverstate);
-
mycommand.Parameters["@StateID"].Value = StateID;
-
-
SqlParameter zip = new SqlParameter("@zipcode", SqlDbType.Char);
-
mycommand.Parameters.Add(zip);
-
mycommand.Parameters["@zipcode"].Value = ZipCode;
-
-
SqlParameter cad = new SqlParameter("@cellareacode", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(cad);
-
mycommand.Parameters["@cellareacode"].Value = CellAreaCode;
-
-
SqlParameter cellpref = new SqlParameter("@cellprefix", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(cellpref);
-
mycommand.Parameters["@cellprefix"].Value = CellPrefix;
-
-
SqlParameter cellphon = new SqlParameter("@cellphone", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(cellphon);
-
mycommand.Parameters["@cellphone"].Value = CellNumber;
-
-
SqlParameter hac = new SqlParameter("@homeareacode", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(hac);
-
mycommand.Parameters["@homeareacode"].Value = HomeAreaCode;
-
-
SqlParameter hp = new SqlParameter("@homeprefix", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(hp);
-
mycommand.Parameters["@homeprefix"].Value = HomePrefix;
-
-
SqlParameter homeph = new SqlParameter("@homephone", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(homeph);
-
mycommand.Parameters["@homephone"].Value = HomePhone;
-
-
SqlParameter fac = new SqlParameter("@faxareacode", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(fac);
-
mycommand.Parameters["@faxareacode"].Value = FaxAreaCode;
-
-
SqlParameter faxpref = new SqlParameter("@faxprefix", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(faxpref);
-
mycommand.Parameters["@faxprefix"].Value = FaxPrefix;
-
-
SqlParameter faxnum = new SqlParameter("@fax", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(faxnum);
-
mycommand.Parameters["@fax"].Value = FaxNumber;
-
-
SqlParameter trucknum = new SqlParameter("@trucknumber", SqlDbType.NVarChar);
-
mycommand.Parameters.Add(trucknum);
-
mycommand.Parameters["@trucknumber"].Value = TruckNumber;
-
-
#endregion
-
-
//execution of the sql statement.
-
try
-
{
-
conn.Open();
-
mycommand.ExecuteNonQuery();
-
}
-
catch (SqlException ex)
-
{
-
throw ex;
-
}
-
finally
-
{
-
conn.Close();
-
}
-
-
-
5 1641 Plater 7,872
Recognized Expert Expert
You can do a number of things.
Using the SQLParameteres should ahve solved that issues for you.
Otherwise you need to escape the single quote character ' by making it be two SINGLE quote characters '' (Note: Not the same as a double quote " )
I also thought that using SQLParameters would fix the problem but still i get the same error. Is there some thing that i am missing?
Plater 7,872
Recognized Expert Expert
Hmm, I've only used them with StoredProcedure s, so maybe that's the part that is different.
so i am guessing using a Sting.Replace(" '","''") is my easiest option to get rid of this error.
Plater 7,872
Recognized Expert Expert
That's what its sounding like.
Remember you have to do it on the value before it goes into your parameters though
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Oeln |
last post by:
If I want to check for input of an integer I've got the following (I
get the form input with $input = "$_POST"):
if(!ereg("^+$",$_POST)) {
echo "Input is incomplete or incorrect.";
}
If, instead of only getting one 'input' I wanted to get n instances of
input, I'd generate input fields for each of n instances I want in a
for loop, then get the input with:
|
by: jeff regoord |
last post by:
A user inputs a float value. The scanf() function gets the value.
However, I need to create an error handler with an if else statement
saying invalid input if the input is not a number. Does anybody know
how I could do this?
|
by: Nathan |
last post by:
I have an aspx page with a data grid, some textboxes, and an update button.
This page also has one html input element with type=file (not inside the data
grid and runat=server).
The update button will verify the information that has been entered and
updates the data base if the data is correct. Update will throw an exception
if the data is not validate based on some given rules. I also have a custom
error handling page to show the...
|
by: ais523 |
last post by:
I use this function that I wrote for inputting strings. It's meant to
return a pointer to mallocated memory holding one input string, or 0 on
error. (Personally, I prefer to use 0 to NULL when returning null
pointers.) It looks pretty watertight to me, but my version of lint
complains about use of deallocated pointers, etc. Is this code
completely safe on all input, or have I missed something?
/* Header files included in the program...
|
by: sam |
last post by:
hi all,
i'm starting to put together a program to simulate the performance of
an investment portfolio in a monte carlo manner doing x thousand
iterations and extracting data from the results.
i'm still in the early stages, and am trying to code something simple
and interactive to get the percentages of the portfolio in the five
different investment categories. i thought i'd get in with the error
handling early so if someone types in...
| |
by: Kavya |
last post by:
I saw these two ways for validating input
First Way
--------------
#include <iostream>
#include <limits>
using namespace std;
int main() {
|
by: Louis |
last post by:
I have a form with multiple input boxes. I want to validate each input
box (and force user to correct it) before allowing user to move to
another, either using tab key or a mouse click.
I try onchange/on blur to activate a javascript function to check the
input for correctness once user moves out of the input box (tab or mouse
click). If it looks OK, then nothing happens. But if an error is
detected, the function puts out an alert box...
|
by: AlexanderDeLarge |
last post by:
Hi!
I got a problem that's driving me crazy and I'm desperately in need of help.
I'll explain my scenario:
I'm doing a database driven site for a band, I got these tables for their discography section:
Discography
---------------------
DiscID
|
by: =?ISO-8859-1?Q?Tom=E1s_=D3_h=C9ilidhe?= |
last post by:
I have a fully-portable C program (or at least I think I do). It works
fine on Windows, but malfunctions on Linux. I suspect that there's
something I don't know about the standard input stream that's causing
the problem.
Here's how I wrote the program originally:
#include <stdio.h>
#include <string.h>
|
by: arnuld |
last post by:
Earlier, I have posted a program like this, a month ago IIRC. I have
created it again, without looking at the old program. Can I have your
opinions on this:
1) I wanted my program to be efficient, so I used reference to vector.
2) anything else you think worth mentioning
/* A program that asks the user for input and when user hits EOF will sort the words
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |