Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net (http://www.velocityreviews.com/forums/f29-asp-net.html)
-   -   Escaping apostrophes inserting into sql (http://www.velocityreviews.com/forums/t542302-escaping-apostrophes-inserting-into-sql.html)

mister-Ed 10-05-2007 06:33 PM

Escaping apostrophes inserting into sql
 
I have a datagrid, and when initializing my field variables, I need to
double up apostrophes so they are accepted into SQL dbase. In the line
below, i'm trying to do this with the Replace function, but i still
get an error when entering an apostrophe:

Dim sCompany As String = CType(e.Item.FindControl("textbox3"),
textbox).Text.Replace("'", "''")

???
Mr. Ed


David Wier 10-05-2007 07:09 PM

Re: Escaping apostrophes inserting into sql
 
Why don't you use parameterized queries, or stored Procedures?
That way, you don't need to worry about things like this, and your
application will be more secure also.

David Wier
http://aspnet101.com
http://iWritePro.com - One click PDF, convert .doc/.rtf/.txt to HTML with no
bloated markup


"mister-Ed" <276q@cox.net> wrote in message
news:1191609219.561621.290780@57g2000hsv.googlegro ups.com...
>I have a datagrid, and when initializing my field variables, I need to
> double up apostrophes so they are accepted into SQL dbase. In the line
> below, i'm trying to do this with the Replace function, but i still
> get an error when entering an apostrophe:
>
> Dim sCompany As String = CType(e.Item.FindControl("textbox3"),
> textbox).Text.Replace("'", "''")
>
> ???
> Mr. Ed
>





All times are GMT. The time now is 04:44 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.