How do I: Replace single quotes in my sql statemnet?

Question

Hello: I have a sql command to execute but some times there is a single quote in the textBox and it messes me up. How can I allow to save the single quote to the sql table?

Nainil · Answer

.NET: string userString = textBox1.Text; string replacedString = userString.Replace( '  '' ); SQL: replacedString = Replace(userString''') Hope this helps.

Nainil · Answer

Hi Giorgio Whenever you have single quotes replace them with 2 single quotes. That should work.

Gustavo · Answer

Nainil: Yes thank you.

Gustavo · Answer

Nainil: Can you give me a sample code of the 2 types?

Nainil · Answer

Giorgio You can either use .NET string.Replace() method to replace any single quotes with 2 single qoutes or you can use T-SQL's Replace function. Since the value being inserted is passed in as a SqlParameter.Value property you can run the Replace function through it and ensure that any string being passed to the stored procedure is clean. Hope this helps.

Gustavo · Answer

Nainil: Yes if it was a string. But it will be some text that the user entered. Is there a way to do it automatically when I put it into the sql command to save it?