Handling Special Characters in ASP.NET
Posted on 2004-08-11
I have built a web app that accepts user input and displays it in datagrids, etc. However, if there are any special characters included in the user input, the SQL statements will not work. I have read about using a Replace method or Server.HtmlEncode, but I have no idea how to implement either of those. Can someone please provide me with a good example for INSERT and UPDATE statements in VB.NET that can handle all special characters? Or is there a better way to do this besides changing the INSERTs and UPDATEs?
Here is an example from my project:
High points because this is urgent... Thanks :)
Dim SQLCommandText As String
SQLCommandText = "INSERT into users (Fname, Lname, Email, Username, Userpass) Values ('" + txtFname.Text + "','" + txtLname.Text + "','" + txtEmail.Text + "','" + txtUsername.Text + "','" + txtUserpass.Text + "')"
dcRegister.CommandText = SQLCommandText
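
An added example, not part of the original post: the same INSERT, and an UPDATE, written with parameters so that quotes and other special characters in the input are passed as data and never become part of the SQL text, with HTML encoding applied only when a value is written into a page. It assumes SQL Server through System.Data.SqlClient; the module name, the helper names, the connection string argument and the column sizes are hypothetical.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web

Public Module UserData
    ' Bind one text value as a typed parameter. The size (hypothetical) should
    ' match the column definition in the users table.
    Private Sub AddText(cmd As SqlCommand, name As String, size As Integer, value As String)
        cmd.Parameters.Add(name, SqlDbType.NVarChar, size).Value = value
    End Sub

    ' INSERT with placeholders: the SQL text is a constant, so input such as
    ' O'Brien or "a'); --" cannot change the statement's structure.
    Public Function InsertUser(connStr As String, fname As String, lname As String,
                               email As String, username As String, userpass As String) As Integer
        Const sql As String =
            "INSERT INTO users (Fname, Lname, Email, Username, Userpass) " &
            "VALUES (@Fname, @Lname, @Email, @Username, @Userpass)"
        Using conn As New SqlConnection(connStr), cmd As New SqlCommand(sql, conn)
            AddText(cmd, "@Fname", 50, fname)
            AddText(cmd, "@Lname", 50, lname)
            AddText(cmd, "@Email", 100, email)
            AddText(cmd, "@Username", 50, username)
            AddText(cmd, "@Userpass", 100, userpass)
            conn.Open()
            Return cmd.ExecuteNonQuery() ' number of rows inserted
        End Using
    End Function

    ' UPDATE follows the same pattern, including the value in the WHERE clause.
    Public Function UpdateEmail(connStr As String, username As String, newEmail As String) As Integer
        Const sql As String = "UPDATE users SET Email = @Email WHERE Username = @Username"
        Using conn As New SqlConnection(connStr), cmd As New SqlCommand(sql, conn)
            AddText(cmd, "@Email", 100, newEmail)
            AddText(cmd, "@Username", 50, username)
            conn.Open()
            Return cmd.ExecuteNonQuery() ' number of rows updated
        End Using
    End Function

    ' HTML encoding belongs on output, not on the way into the database:
    ' store the raw text, encode it when it is written into markup.
    Public Function ForDisplay(value As String) As String
        Return HttpUtility.HtmlEncode(value)
    End Function
End Module
```

From the page's code-behind the call would be `InsertUser(connStr, txtFname.Text, txtLname.Text, txtEmail.Text, txtUsername.Text, txtUserpass.Text)`, with no Replace calls on the input.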