Problem with sending (') in string

Question

Hi I have problem i have designed a web page in asp.net 3.5. I have a TextBox and a button the User is expected to write some comment in the TextBox. The TextBox can also have a comment pattern including a (') on the click of button the data in the TextBox will be inserted into SQL. Now the problem is : as you know that if u insert something in Varchar it has to be enclosed in (') but in above case due to (') in the string itself there will be an error So is there a way to insert the data in SQL. Thanks Pankaj

naura pax · Answer

hi Pankaj if you are creating dynamic query then at the time of creating sql string you can do following example : wherestring+=txt.Replace('''); // single quote is passed string in //first parameter and single quote is written twice '' for second.

Master Billa · Answer

Hi when you are use the single quite you need add extra two quote to string.or else is make to sql injection. About this please take look http://archives.devshed.com/forums/windows-107/sql-injecttion-401471.html thank you

Pankaj Singh · Answer

Thanks

Pankaj Singh · Answer

Thanks

Kirtan Patel · Answer

Hi you just need to Replace every Single timeWriten Quote to Double Time suppose you are inserting string  pankaj's Name  then you should write String Like Pankaj' 's name  { Dobule time Single Quotes before 's' ) Thats it :) Better to Write Function That Will Replace Every Single Time Quote to Write it Double time in String public string CSQ(string str) { return Strings.Replace(str ' ''); } if i Helps you please check  Do you like this answer

jinge · Answer

Please see the following two links: http://it.toolbox.com/wiki/index.php/How_do_I_escape_single_quotes_in_SQL_queries%3F http://blog.sqlauthority.com/2008/02/17/sql-server-how-to-escape-single-quotes-fix-error-105-unclosed-quotation-mark-after-the-character-string/