Write to database when string contains a '

I am trying to wrtie the contents of text box to a database but I am getting and error when there is a ' in the text, example justine's

here is the the code I am using.  strrelation2descp = " & txtsourcedes2.Text & ",  I have tried single/double and just double quotes I still get the error.   Thank you for your help

Dim cmd8 As New SqlClient.SqlCommand("UPDATE tblHousehold set curchecking =CAST('" & txtchk.Text & "' as money),cursavings =CAST('" & txtsav.Text & "' as money),curcash =CAST('" & txtcash.Text & "' as money),curcds =CAST('" & txtcd.Text & "' as money) ,curproperty =CAST('" & txtprop.Text & "' as money),curassets =CAST('" & txtother.Text & "' as money),ysnfoodstamps = '" & ysnfs & "' ,strvehicle1 = '" & txtvech1.Text & "',strvehicle1model = '" & txtmod1.Text & "',strvehicle1year = '" & txtyear1.Text & "',curvehicle1owed = cast('" & txtamtowed1.Text & "'as money),strvehicle2 = '" & txtvech2.Text & "',strvehicle2model = '" & txtmod2.Text & "',strvehicle2year = '" & txtyear2.Text & "',strrelation1descp = " & txtsourcedes1.Text & ",strrelation2descp = " & txtsourcedes2.Text & ",strrelation3descp = " & txtsourcedes3.Text & ",strrelation4descp = " & txtsourcedes4.Text & ",strrelation5descp = " & txtsourcedes5.Text & ",curvehicle2owed = cast('" & txtamtowed2.Text & "'as money)where lngHouseid =" & SqlParametersDB.Name.lnghouseid, Connection1)
        Try
            cmd8.ExecuteNonQuery()
        Catch ex As Exception
            MsgBox(ex.Message)

        End Try
running32Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jon_RaymondCommented:
This is a common problem. You should have a function on the front end that reformats the string and replaces all single quotes (') with 2 singke quotes (''). In visual basic you can use the REPLACE function.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ZeonFlashCommented:
You might try running a quick single quote double-upper to fix that....something along the lines of:

strrelation2descp = " & txtsourcedes2.Text.Replace("'","''")
0
ZeonFlashCommented:
Cursed refresh button....Jon Raymond beat me to it :)
0
running32Author Commented:
thank you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic.NET

From novice to tech pro — start learning today.