Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

VB.net/SQL dealing with apostrophes in strings

Posted on 2007-11-29
4
Medium Priority
?
5,007 Views
Last Modified: 2010-04-21
Hi,
I am trying to do a very simple program with a VB.net front end and an Access 2002 back end. I have a list of names and since I am in Ireland many of them have an apostrophe in them. The program has no problems with names like "Sean Murphy" but needless to say the OLEDBCommand gets a bit antsy when it's "Sean O' Murphy". Is there anyway that I can get SQL to realise that the apostrophe is part of the string and to ignore it and treat it like an ordinary character?

Open in new window

0
Comment
Question by:BozM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 18

Accepted Solution

by:
Joel Coehoorn earned 2000 total points
ID: 20375362
Replace Sean O' Murphy with Sean O'' Murphy before sending it to the database.  Note that I used two single quotes there, not one double quote.  That will escape the quote so that it will be stored in the database correctly.  

Another option I highly recommend is to use the parameterized queries for OleDb.  Then, instead of a statement like this:
    cmd.CommandText = "INSERT INTO Names (FullName) VALUES ('Sean O''Murphy')"

You'd have a string like this:
    cmd.CommandText = "INSERT INTO Names (FullName) VALUES (?)"

And add paraemters like this:
    cmd.Parameters.Add("?").Value = "Sean O'Murphy"

Notice that I was able to use a single quote there with no extra work.  This will also let me save the command for later use, and I can just change the value of the parameter and run it again.  So I set the command up once, and then as I go through the loop I just have something like this:
    cmd.Parameters(0).Value = strNameVariable
    cmd.ExecuteNonQuery()

0
 
LVL 27

Expert Comment

by:MikeToole
ID: 20375381
Double up the single quotes inside the string.
Easiest way is to write a function -
Public Function QuoteString(Value as string) as string
Quotestring =  "'" & Replace(Value, "'", "''") & "'"
End function
0
 
LVL 5

Expert Comment

by:mydasx
ID: 20375575
Paramaterize your sql statements rather then using adhoc queries.  This will fix this issue as well as prevent sql injection hacking on your application.
0
 

Author Closing Comment

by:BozM
ID: 31411714
That's great, thanks to all of you for your help. I used your syntax for the parameterised queries for INSERT and UPDATE statements and they worked perfectly. Thank you.
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Confronted with some SQL you don't know can be a daunting task. It can be even more daunting if that SQL carries some of the old secret codes used in the Ye Olde query syntax, such as: (+)     as used in Oracle;     *=     =*    as used in Sybase …
An alternative to the "For XML" way of pivoting and concatenating result sets into strings, and an easy introduction to "common table expressions" (CTEs). Being someone who is always looking for alternatives to "work your data", I came across this …
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question