Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 285
  • Last Modified:

quote problem

Hi Experts,

I have Insert that works fine until I get single qoute within text.
The question is how do I convert / replace this single quote so it will be inserted.

Thank you.
0
fpoyavo
Asked:
fpoyavo
1 Solution
 
fpoyavoAuthor Commented:
I have already tried Replace("'", "''"); but it does not help.
0
 
fpoyavoAuthor Commented:
I also tried to replace it by double quote but when I select the value I do see double but not single.
0
 
praneethaCommented:
r u inserting into sql server
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
fpoyavoAuthor Commented:
praneetha,

I saw this link before. The problem is that I am not using stored procedure :). It is OLEDB within C#.

Thanks.
0
 
praneethaCommented:
can u post that code where u r trying to  insert
0
 
fpoyavoAuthor Commented:
I am saing it works fine until there is a single quote in text.

Thanks.
0
 
fpoyavoAuthor Commented:
Here is code :

for select which blows up first I believe :

mysql = "select count(*) from mytbl where mycolumn = '" + mystring + "'";

Thanks.
0
 
praneethaCommented:
mysql = "select count(*) from mytbl where mycolumn = 'hello'  "

can u hard code the values and check....

and when u have ' may be do \'

0
 
fpoyavoAuthor Commented:
here is insert :

mysql2 = "Insert into mytbl(col1, col2)" +
" values ('" + mystr1 + "', '" +  mystr2 + "')";
0
 
fpoyavoAuthor Commented:
praneetha,

It is not a matter of guessing...Either you know or not. Believe me I have tried all these things and only then came here.

Thank you anyway.
0
 
s_sansanwalCommented:
Hi there,

Try

mysql2 = "Insert into mytbl(col1, col2)" +
      " values ('" + mystr1.Replace("'","''") + "', '" +  mystr2.Replace("'","''") + "')";


REPLACE does not change the variable but returns the replaced value.

Cheers,
S Sansanwal
   
0
 
praneethaCommented:
TextBox1.Text=TextBox1.Text.Replace("'","''");

                  // add a new user
                  SqlCommand myCommand=new SqlCommand("insert into testins(id) values('"+this.TextBox1.Text+"')",myConnection);
                  myCommand.CommandType=CommandType.Text;

ok that worked for me

replace "'" with 2 single quotes
0
 
fpoyavoAuthor Commented:
S Sansanwal

Please read from the start. I did it already.
0
 
praneethaCommented:
is it mysql...bcz mine works in MS SQL SErver
0
 
fpoyavoAuthor Commented:
praneetha,

You did not read the question and two post comments. They are saying I tried it already.

Another question is : when I do insert with replaced to double what do I have in Database ? I know - double .
                                when I do          with                   two single                                     ?  I dont know. Do you ?

                                when I do select what do I get for double : I know - double
                                                                              for two single : I don't. Do you ?

Thanks.
0
 
praneethaCommented:
yea two single quotes insrted single quote in the sql server...

0
 
sachiekCommented:
Well friend,
  Here is what I tried. It is working fine.

  A Dummy table.

 
CREATE TABLE [dbo].[TestTable1] (
      [ID] [int] NULL ,
      [DummyCol] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL
) ON [PRIMARY]
GO


INSERT INTO TestTable1
                      (ID, DummyCol)
VALUES     (1, '''12345''')

It is inserting fine.

So the value inside the table now is

1, '12345'

Acutally that single quote is also there in the table now.

So if you want to have this from your application,

You can write as

mysql2 = @"Insert into mytbl(col1, col2)" +
" values ('''" + mystr1 + "''' , '''"  +  mystr2 + "''')";

  You have to have 3 single quote and one double quote. Watchout.
  Also I have added a "@" symbol. This will help C# to compile it easiler considering this statment.

Below is the documentation i found for you to show why @ symbol is good to use.

**************************************************
String literals are of type string and can be written in two forms, quoted and @-quoted. Quoted string literals are enclosed in double quotation marks ("):

"good morning"  // a string literal

and can contain any character literal, including escape sequences:

string a = "\\\u0066\n";  // backslash, letter f, new line

Note   The escape code \udddd (where dddd is a four-digit number) represents the Unicode character U+dddd. Eight-digit Unicode escape codes are also recognized: \udddd\udddd.

@-quoted string literals start with @ and are enclosed in double quotation marks. For example:

@"good morning"  // a string literal

The advantage of @-quoting is that escape sequences are not processed, which makes it easy to write, for example, a fully qualified file name:

@"c:\Docs\Source\a.txt"  // rather than "c:\\Docs\\Source\\a.txt"

To include a double quotation mark in an @-quoted string, double it:

@"""Ahoy!"" cried the captain." // "Ahoy!" cried the captain.

***************************************************

Hope you got it right this time.

Cheers!
Sachi
0
 
armoghanCommented:
This error always comes up in QA
I would suggest always use the DBCommand

OleDbCommand cmd;

  // Create the SelectCommand.

  cmd = new OleDbCommand("SELECT * FROM Customers " +
                       "WHERE Country = @Country AND City = @City", conn);

  cmd.Parameters.Add("@Country", OleDbType.VarChar, 15);
  cmd.Parameters.Add("@City", OleDbType.VarChar, 15);

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now