jackjohnson44
asked on
.net sql single quote escape - do I have to wrap every parameter?
I have a data access layer with a bunch of function calls. So if I have a form with a browse grid and filters at the top, I pass all the variables into a function that goes to my data access layer on my webservice and gets a dataset out. Most of these queries call stored procs.
If I put in a single quote there are problems so I have to replace it with a single quote. Do I have to wrap each parameter in a replace function? Is there either a way to replace all the parameters passed into a .net function? Or is there a way to wrap the parameters in a stored proc? I don't want to have to do this all over for every parameter. Or is there another way?
ASKER
In my stored proc I just did this
SELECT @ActualConfigurationCode = REPLACE(@ActualConfigurationCode,'''','''''')
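An added example, not part of the original thread: one central data-access helper that binds every filter as a typed parameter, so no value needs quote replacement in .NET or in the stored proc. It assumes the quote problem comes from building the procedure call by string concatenation; `DataAccess.ExecuteProc` and `usp_SearchConfigurations` are hypothetical names, and only `@ActualConfigurationCode` comes from the thread.

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class DataAccess
{
    // Hypothetical helper: runs a stored procedure and returns its result sets.
    // Values travel to SQL Server as typed parameters, never as SQL text, so a
    // single quote in user input needs no Replace() here and no REPLACE() in T-SQL.
    // procName must be a constant chosen by the calling code, never user input.
    public static DataSet ExecuteProc(string connectionString, string procName,
                                      IDictionary<string, object> args)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(procName, conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            foreach (var arg in args)
            {
                // A null filter is sent as SQL NULL rather than being dropped.
                cmd.Parameters.AddWithValue(arg.Key, arg.Value ?? DBNull.Value);
            }

            var result = new DataSet();
            using (var adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(result); // Fill opens and closes the connection itself
            }
            return result;
        }
    }
}

public static class Example
{
    public static DataSet Search(string connectionString, string filterFromForm)
    {
        // "usp_SearchConfigurations" is a placeholder procedure name.
        // A constructed value such as O'Brien-01 is passed through unchanged.
        return DataAccess.ExecuteProc(connectionString, "usp_SearchConfigurations",
            new Dictionary<string, object>
            {
                { "@ActualConfigurationCode", filterFromForm }
            });
    }
}
```

If the stored proc itself concatenates the parameter into dynamic SQL, the quote still matters inside the proc; passing the value through `sp_executesql` as a parameter keeps it out of the SQL text there as well.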