Solved

VB.net/SQL dealing with apostrophes in strings

Posted on 2007-11-29
4
4,658 Views
Last Modified: 2010-04-21
Hi,
I am trying to do a very simple program with a VB.net front end and an Access 2002 back end. I have a list of names and since I am in Ireland many of them have an apostrophe in them. The program has no problems with names like "Sean Murphy" but needless to say the OLEDBCommand gets a bit antsy when it's "Sean O' Murphy". Is there anyway that I can get SQL to realise that the apostrophe is part of the string and to ignore it and treat it like an ordinary character?

Open in new window

0
Comment
Question by:BozM
4 Comments
 
LVL 18

Accepted Solution

by:
jcoehoorn earned 500 total points
ID: 20375362
Replace Sean O' Murphy with Sean O'' Murphy before sending it to the database.  Note that I used two single quotes there, not one double quote.  That will escape the quote so that it will be stored in the database correctly.  

Another option I highly recommend is to use the parameterized queries for OleDb.  Then, instead of a statement like this:
    cmd.CommandText = "INSERT INTO Names (FullName) VALUES ('Sean O''Murphy')"

You'd have a string like this:
    cmd.CommandText = "INSERT INTO Names (FullName) VALUES (?)"

And add paraemters like this:
    cmd.Parameters.Add("?").Value = "Sean O'Murphy"

Notice that I was able to use a single quote there with no extra work.  This will also let me save the command for later use, and I can just change the value of the parameter and run it again.  So I set the command up once, and then as I go through the loop I just have something like this:
    cmd.Parameters(0).Value = strNameVariable
    cmd.ExecuteNonQuery()

0
 
LVL 27

Expert Comment

by:MikeToole
ID: 20375381
Double up the single quotes inside the string.
Easiest way is to write a function -
Public Function QuoteString(Value as string) as string
Quotestring =  "'" & Replace(Value, "'", "''") & "'"
End function
0
 
LVL 5

Expert Comment

by:mydasx
ID: 20375575
Paramaterize your sql statements rather then using adhoc queries.  This will fix this issue as well as prevent sql injection hacking on your application.
0
 

Author Closing Comment

by:BozM
ID: 31411714
That's great, thanks to all of you for your help. I used your syntax for the parameterised queries for INSERT and UPDATE statements and they worked perfectly. Thank you.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL Help 27 57
How to limit User Input 2 27
how to double quote a string for an inline sql statement. 8 73
ASP.NET (VB) return a record 2 37
Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question