
Escaping apostrophe when inserting into sql database

I have a datagrid, and when initializing my field variables, I need to
double up apostrophes so they are accepted into SQL dbase. In the line
below, I'm trying to do this with the Replace function, but I still
get an error when entering an apostrophe:

Dim sCompany As String = CType(e.Item.FindControl("textbox3"), textbox).Text.Replace("'", "''")

???
Mr. Ed

Oct 5 '07 #1
mister-Ed,

If you use parameters to supply variable data then you should not need to
worry about escaping apostrophes.

Parameters will also help guard against SQL Injection attacks.

Kerry Moorman
"mister-Ed" wrote:
> I have a datagrid, and when initializing my field variables, I need to
> double up apostrophes so they are accepted into SQL dbase. In the line
> below, I'm trying to do this with the Replace function, but I still
> get an error when entering an apostrophe:
>
> Dim sCompany As String = CType(e.Item.FindControl("textbox3"), textbox).Text.Replace("'", "''")
>
> ???
> Mr. Ed

Oct 5 '07 #2
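
The parameter approach described in the reply above, as an added example that is not part of the original thread. It assumes .NET Framework's System.Data.SqlClient; the table `Customers`, the columns `CompanyName` and `CustomerId`, the length 40, and the module and function names are hypothetical.

```vbnet
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedUpdateExample

    ' Hypothetical table and column names; the thread never shows the real schema.
    Private Const UpdateSql As String = _
        "UPDATE Customers SET CompanyName = @Company WHERE CustomerId = @Id"

    ' Builds the command. The user's text travels as a typed parameter value,
    ' so an apostrophe is data and never becomes part of the SQL text.
    Function BuildUpdateCommand(ByVal company As String, ByVal id As Integer) As SqlCommand
        Dim cmd As New SqlCommand(UpdateSql)
        ' Explicit type and length (40 is an assumed column size).
        cmd.Parameters.Add("@Company", SqlDbType.NVarChar, 40).Value = company
        cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id
        Return cmd
    End Function

    ' Runs the update; connectionString is supplied by the caller.
    Function UpdateCompany(ByVal connectionString As String, _
                           ByVal company As String, ByVal id As Integer) As Integer
        Using conn As New SqlConnection(connectionString)
            Using cmd As SqlCommand = BuildUpdateCommand(company, id)
                cmd.Connection = conn
                conn.Open()
                Return cmd.ExecuteNonQuery()   ' rows affected
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed sample inputs; no database connection is opened here.
        For Each sample As String In New String() {"O'Reilly & Sons", "x'; DROP TABLE Customers;--"}
            Using cmd As SqlCommand = BuildUpdateCommand(sample, 1)
                ' The SQL text is identical for every input; only the value differs.
                Console.WriteLine("SQL text : " & cmd.CommandText)
                Console.WriteLine("@Company : " & CStr(cmd.Parameters("@Company").Value))
            End Using
        Next
    End Sub

End Module
```

No `Replace("'", "''")` call is needed with this form; applying it anyway would store doubled apostrophes in the column.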

mister-Ed wrote:
> I need to double up apostrophes so they are accepted into SQL dbase.
> In the line below, I'm trying to do this with the Replace function,
> but I still get an error when entering an apostrophe:

As ever ... /what/ error???

> Dim sCompany As String = CType(e.Item.FindControl("textbox3"), textbox).Text.Replace("'", "''")

That could get you a NullReferenceException, a TypeCastException, or any
others that the Framework might feel like throwing at you.

    Dim sCompany As String = String.Empty
    Dim tb As TextBox _
        = DirectCast(e.Item.FindControl("textbox3"), TextBox)
    If Not (tb Is Nothing) Then
        sCompany = tb.Text
    End If

    sSQL = "update ... " _
        & "set ... = '" & sCompany.Replace("'", "''") & "'"

HTH,
Phill W.
Oct 9 '07 #3
