Solved

VB.net/SQL dealing with apostrophes in strings

Posted on 2007-11-29
4
4,614 Views
Last Modified: 2010-04-21
Hi,
I am trying to do a very simple program with a VB.net front end and an Access 2002 back end. I have a list of names and since I am in Ireland many of them have an apostrophe in them. The program has no problems with names like "Sean Murphy" but needless to say the OLEDBCommand gets a bit antsy when it's "Sean O' Murphy". Is there anyway that I can get SQL to realise that the apostrophe is part of the string and to ignore it and treat it like an ordinary character?

Open in new window

0
Comment
Question by:BozM
4 Comments
 
LVL 18

Accepted Solution

by:
jcoehoorn earned 500 total points
ID: 20375362
Replace Sean O' Murphy with Sean O'' Murphy before sending it to the database.  Note that I used two single quotes there, not one double quote.  That will escape the quote so that it will be stored in the database correctly.  

Another option I highly recommend is to use the parameterized queries for OleDb.  Then, instead of a statement like this:
    cmd.CommandText = "INSERT INTO Names (FullName) VALUES ('Sean O''Murphy')"

You'd have a string like this:
    cmd.CommandText = "INSERT INTO Names (FullName) VALUES (?)"

And add paraemters like this:
    cmd.Parameters.Add("?").Value = "Sean O'Murphy"

Notice that I was able to use a single quote there with no extra work.  This will also let me save the command for later use, and I can just change the value of the parameter and run it again.  So I set the command up once, and then as I go through the loop I just have something like this:
    cmd.Parameters(0).Value = strNameVariable
    cmd.ExecuteNonQuery()

0
 
LVL 27

Expert Comment

by:MikeToole
ID: 20375381
Double up the single quotes inside the string.
Easiest way is to write a function -
Public Function QuoteString(Value as string) as string
Quotestring =  "'" & Replace(Value, "'", "''") & "'"
End function
0
 
LVL 5

Expert Comment

by:mydasx
ID: 20375575
Paramaterize your sql statements rather then using adhoc queries.  This will fix this issue as well as prevent sql injection hacking on your application.
0
 

Author Closing Comment

by:BozM
ID: 31411714
That's great, thanks to all of you for your help. I used your syntax for the parameterised queries for INSERT and UPDATE statements and they worked perfectly. Thank you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It’s quite interesting for me as I worked with Excel using vb.net for some time. Here are some topics which I know want to share with others whom this might help. First of all if you are working with Excel then you need to Download the Following …
'Between' is such a common word we rarely think about it but in SQL it has a very specific definition we should be aware of. While most database vendors will have their own unique phrases to describe it (see references at end) the concept in common …
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now