I have an ASP.NET application with a web form and a database backend. Entries in the web form are used to update the database using SQL queries. In my code, I replace quotes in form entries with a sequence of characters so as not to break the SQL. Is there an easier way to handle quotes?
For example, if var1 = textbox1 = mary's house, the following SQL will break:
update x set field1='var1';
Thanks in advance for any help.
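The usual answer to this question is not a better quote-replacement routine but a parameterised query, so the form value is never spliced into the SQL text at all. The following C# is an added example, not code from the asker's application: it assumes the table `x` and column `field1` from the question, a `SqlConnection` connection string that the real application would read from web.config (placeholder here), and a TextBox named `textbox1` in the code-behind. It shows the concatenated statement the question describes beside the parameterised form.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example: updating a column from a web-form value without
// hand-escaping quotes. Assumptions: table "x" with a string column
// "field1" (from the question) and a connection string placeholder.
public static class FormUpdate
{
    // Placeholder only; the application reads its real value from web.config.
    private const string ConnectionString = "<CONNECTION_STRING>";

    // The approach from the question: the value is pasted into the SQL text.
    // With "mary's house" the apostrophe closes the literal early and the
    // statement is broken; replacing quotes is a fragile way to patch that.
    public static string BuildUnsafeSql(string value)
    {
        return "update x set field1='" + value + "';";
    }

    // Parameterised form: the SQL text is constant and the value travels
    // separately as a typed parameter, so quotes, semicolons and comment
    // markers in the input are stored literally instead of being parsed.
    // Note: like the question's statement, this has no WHERE clause and so
    // updates every row; add one in a real application.
    public static int UpdateField1(string value)
    {
        const string sql = "UPDATE x SET field1 = @field1";
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Declare the type and length explicitly rather than letting
            // the driver infer them from the value.
            cmd.Parameters.Add("@field1", SqlDbType.NVarChar, 200).Value = value;
            conn.Open();
            return cmd.ExecuteNonQuery();   // rows affected
        }
    }

    // Typical use from the page's code-behind (assumed TextBox name):
    // protected void Save_Click(object sender, EventArgs e)
    // {
    //     UpdateField1(textbox1.Text);   // "mary's house" is stored as typed
    // }

    public static void Main()
    {
        // Demonstrates why concatenation breaks on the question's input.
        Console.WriteLine(BuildUnsafeSql("mary's house"));
        // update x set field1='mary's house';  <- literal ends after "mary"
    }
}
```

Parameters also remove the need for any escaping code in the form handler, and they keep the execution plan stable because the statement text no longer changes with each input.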