Hi,
I have made an application using C# that accesses sql2000.
This application is just used to insert data into the database.
I use something like this in my code:
//
string colmnA = TextBox1.Text;
string colmnB = TextBox2.Text;
string sqlstatment = "INSERT INTO TABLENAME VALUES(" +"'"+colmnA+"'" + "," +
"'" + colmnB + "'" + ")";
Everything was fine until someone entered the following:
colmnA = "My name'";
colmnB = "Alex";
Then the INSERT statement is:
INSERT INTO TABLENAME VALUES('My name'','Alex').
As you see, the second " ' " was the problem.
I want to know how to avoid this problem.
Is there a means to make SQL insert the value as "My name'" into
the DB
and not throw an exception about the second " ' "?
Thanks in advance
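
Added example, not part of the original post: one way to send these values is as SqlCommand parameters, so the quote in "My name'" is stored as data and the SQL text stays constant (concatenating input into the statement is also what permits SQL injection). The parameter names @colA/@colB, the varchar(50) sizes, and the connection string passed as a command-line argument are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class InsertExample
{
    // The SQL text is a constant; user input never becomes part of it.
    const string InsertSql = "INSERT INTO TABLENAME VALUES(@colA, @colB)";

    // Builds the command. The varchar(50) sizes are assumptions about the table.
    static SqlCommand BuildInsert(string colmnA, string colmnB)
    {
        SqlCommand cmd = new SqlCommand(InsertSql);
        cmd.Parameters.Add("@colA", SqlDbType.VarChar, 50).Value = colmnA;
        cmd.Parameters.Add("@colB", SqlDbType.VarChar, 50).Value = colmnB;
        return cmd;
    }

    static void Main(string[] args)
    {
        // Constructed sample input: the values from the post that broke
        // the concatenated statement.
        using (SqlCommand cmd = BuildInsert("My name'", "Alex"))
        {
            // The statement text is identical whatever the user typed.
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} = [{1}]", p.ParameterName, p.Value);

            // Optional: pass a connection string as the first argument
            // to actually run the insert (assumed to point at the database).
            if (args.Length > 0)
            {
                using (SqlConnection conn = new SqlConnection(args[0]))
                {
                    conn.Open();
                    cmd.Connection = conn;
                    int rows = cmd.ExecuteNonQuery();
                    Console.WriteLine("rows inserted: " + rows);
                }
            }
        }
    }
}
```

In the original form, the values would come from TextBox1.Text and TextBox2.Text instead of the constructed strings.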