"Agnes" <ag***@dynamictech.com.hk> schrieb:
my simple commandtext is ="update mytable set equipname = ' " &
Me.txtEqip.text & " ' " ... where
Now, if Me.txtEqip.text = 20' <-----------I will got the error on this
command,
Think about using '*UpdateCommand' classes with parameters instead of
constructing the SQL command directly. This will prevent SQL injection.
Maybe you can solve your problem by replacing "'" with "''" before inserting
it into the SQL command (if you still want to use the unsecure way of
constructing SQL command strings by hand).
--
M S Herfried K. Wagner
M V P <URL:http://dotnet.mvps.org/>
V B <URL:http://dotnet.mvps.org/dotnet/faqs/>