[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

VB.net/SQL dealing with apostrophes in strings

Posted on 2007-11-29
4
Medium Priority
?
5,113 Views
Last Modified: 2010-04-21
Hi,
I am trying to do a very simple program with a VB.net front end and an Access 2002 back end. I have a list of names and since I am in Ireland many of them have an apostrophe in them. The program has no problems with names like "Sean Murphy" but needless to say the OLEDBCommand gets a bit antsy when it's "Sean O' Murphy". Is there anyway that I can get SQL to realise that the apostrophe is part of the string and to ignore it and treat it like an ordinary character?

Open in new window

0
Comment
Question by:BozM
4 Comments
 
LVL 18

Accepted Solution

by:
Joel Coehoorn earned 2000 total points
ID: 20375362
Replace Sean O' Murphy with Sean O'' Murphy before sending it to the database.  Note that I used two single quotes there, not one double quote.  That will escape the quote so that it will be stored in the database correctly.  

Another option I highly recommend is to use the parameterized queries for OleDb.  Then, instead of a statement like this:
    cmd.CommandText = "INSERT INTO Names (FullName) VALUES ('Sean O''Murphy')"

You'd have a string like this:
    cmd.CommandText = "INSERT INTO Names (FullName) VALUES (?)"

And add paraemters like this:
    cmd.Parameters.Add("?").Value = "Sean O'Murphy"

Notice that I was able to use a single quote there with no extra work.  This will also let me save the command for later use, and I can just change the value of the parameter and run it again.  So I set the command up once, and then as I go through the loop I just have something like this:
    cmd.Parameters(0).Value = strNameVariable
    cmd.ExecuteNonQuery()

0
 
LVL 27

Expert Comment

by:MikeToole
ID: 20375381
Double up the single quotes inside the string.
Easiest way is to write a function -
Public Function QuoteString(Value as string) as string
Quotestring =  "'" & Replace(Value, "'", "''") & "'"
End function
0
 
LVL 5

Expert Comment

by:mydasx
ID: 20375575
Paramaterize your sql statements rather then using adhoc queries.  This will fix this issue as well as prevent sql injection hacking on your application.
0
 

Author Closing Comment

by:BozM
ID: 31411714
That's great, thanks to all of you for your help. I used your syntax for the parameterised queries for INSERT and UPDATE statements and they worked perfectly. Thank you.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question