Solved

Unclosed quotation mark after the character string ''.

Posted on 2008-10-09
9
3,759 Views
Last Modified: 2013-12-25
Error message:
System.Data.SqlClient.SqlException : Incorrect syntax near 's'.
Unclosed quotation mark after the character string ''.

  at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
  at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
  at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
  at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
  at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
  at System.Data.SqlClient.SqlDataReader.get_MetaData()
  at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
  at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
  at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result)
  at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
  at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
  at System.Data.SqlClient.SqlCommand.ExecuteReader()
  at adtScheduleAssessment_M.Show_Individual_Schedule() in D:\websites\PTIStaging\AdminTeacher\adtScheduleAssessment_M.aspx.vb:line 305
  at adtScheduleAssessment_M.Page_Load(Object sender, EventArgs e) in D:\websites\PTIStaging\AdminTeacher\adtScheduleAssessment_M.aspx.vb:line 260
ptistaging-error1.TXT
0
Comment
Question by:RohitRepu
9 Comments
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 22682911
that means that some data has a quote, and you did not handle it correctly (ie duplicating it, or handling it properly using SqlParameter objects ...)
0
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 22682917
see here:
msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
0
 

Author Comment

by:RohitRepu
ID: 22683113
Hey angell,
 I don't get it....
Could you please tell me exactly what changes i have to make in my code.
Thanks...
Rohit.
0
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 22683131
for example:
               str1 = "SELECT UserName from aspnet_Users,ParticipantGroup_Membership where ParticipantGroup_Membership.ParticipantId=aspnet_Users.UserId and ParticipantGroup_Membership.GroupId=" & gid
                cmdselect = New SqlCommand(str1, cn1)
 

should be:

               str1 = "SELECT UserName from aspnet_Users,ParticipantGroup_Membership where ParticipantGroup_Membership.ParticipantId=aspnet_Users.UserId and ParticipantGroup_Membership.GroupId=@gid"
                cmdselect = New SqlCommand(str1, cn1)
                cmdselect.Parameters.Add("@gid", SqlDbType.VarChar, 200).Value = gid

with of course the database and size to be adjusted to what you need.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 6

Expert Comment

by:carlsiy
ID: 22683855
exactly what is your insert statement or code.. maybe theres a problem in the flow of string building. post code pls.
0
 

Author Comment

by:RohitRepu
ID: 22689937
the code

Imports System.Data

Imports System.Data.SqlClient

Imports System.Web.Configuration

Imports GROKLibrary

Imports USSWITEADLibrary
 

Partial Class adtScheduleAssessment_M

Inherits System.Web.UI.Page

Dim cn, cn1 As SqlConnection

Dim cmd1, cmd2, cmd3, cmd4 As SqlCommand

Dim treenode As TreeNode

Dim i, j, moveflag As Integer

Dim dr, dr1, dr2, dr3 As SqlDataReader

Dim control1, str As String

Dim tmp As DateTime

Dim strconnection, sts As String

Dim isEditGroup As Boolean

Dim aname, sname, gname As String

Dim aid, grpid As Integer
 

Protected Sub Page_Error(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Error

If TypeOf Server.GetLastError().GetBaseException() Is System.Web.HttpRequestValidationException Then

Response.Clear()

Response.Write("Sorry. There was invalid input in your comment. This can occur when html or javascript is included in your text. Please hit the browser back buttion and try again.")

Response.StatusCode = 200

Response.End()
 

End If

Try

If cn.State = ConnectionState.Open Then

cn.Close()

cn.Dispose()

End If

If cn1.State = ConnectionState.Open Then

cn1.Close()

cn1.Dispose()

End If
 

Catch ex As Exception

Dim errorhandler As New helper

errorhandler.errorHandler(Server.GetLastError().GetBaseException())
 

End Try

End Sub
 

Protected Sub cmdSchedule_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdSchedule.Click

Try
 

Dim cmdselect As SqlCommand

Dim scheduleid, i As Integer

Dim stdt, endt As DateTime

cmdselect = New SqlCommand("SELECT max(ScheduleID) FROM AssessmentSchedule;", cn)

dr = cmdselect.ExecuteReader

dr.Read()

If IsDBNull(dr(0)) = False Then

scheduleid = dr(0) + 1

Else

scheduleid = 1

End If

dr.Close()

strconnection = ConfigurationManager.ConnectionStrings("ptitestConnectionString").ConnectionString

cn1 = New SqlConnection(strconnection)
 

cn1.Open()

stdt = Date.Parse(txtStartDate.Text & " " & ddlStartTime.SelectedItem.Text & ":" & ddlStartTimeMin.SelectedItem.Text)

endt = Date.Parse(txtEndDate.Text & " " & ddlEndTime.SelectedItem.Text & ":" & ddlEndTimeMin.SelectedItem.Text)
 
 

If Len(Trim(txtLimit.Text)) = 0 Then txtLimit.Text = "1000"
 

Dim gid As Integer

Dim str1 As String

' Dim p As Guid

'username = Gridview1.

'If Len(Trim(Membership.GetUser.UserName)) <> 0 Then

' gid = 0

' username = Membership.GetUser.UserName

' 'MsgBox(username)

' p = Membership.GetUser(username).ProviderUserKey
 

' 'cmdselect = New SqlCommand("SELECT ParticipantId from Participant where ParticipantId='" & username & "'", cn)

' str = "SELECT UserName from aspnet_Users where UserName='" & username & "'"

If Len(hidfldGroupID.Value) <> 0 Then

gid = CInt(hidfldGroupID.Value)

'Get all the Participants belonging to selected GroupId.

'cmdselect = New SqlCommand("SELECT ParticipantId from ParticipantGroup where GroupId=" & gid, cn)

str1 = "SELECT UserName from aspnet_Users,ParticipantGroup_Membership where ParticipantGroup_Membership.ParticipantId=aspnet_Users.UserId and ParticipantGroup_Membership.GroupId=" & gid

cmdselect = New SqlCommand(str1, cn1)

dr1 = cmdselect.ExecuteReader

If dr1.HasRows Then
 

sts = "NEW"

While dr1.Read()

i = 0

While i < ChkAssessList.Items.Count
 

If ChkAssessList.Items(i).Selected Then

scheduleid = scheduleid + 1

str = "Insert into AssessmentSchedule(ScheduleId,AssessmentId,ParticipantId,ScheduleName,StartDateTime,EndDateTime,LimitAttempts,LimitdaysBetweenRetakes,Status,GroupId,RetakeCount) Values(@ScheduleId,@AssessmentId,@ParticipantId,@ScheduleName,@StartDateTime,@EndDateTime,@LimitAttempts,@LimitdaysBetweenRetakes,@status,@GroupId,@Retakecount)"

cmd2 = New SqlCommand(str, cn)

cmd2.Parameters.AddWithValue("@ScheduleId", scheduleid)

cmd2.Parameters.AddWithValue("@AssessmentId", ChkAssessList.Items(i).Value)

cmd2.Parameters.AddWithValue("@ParticipantId", dr1(0))

cmd2.Parameters.AddWithValue("@ScheduleName", txtScheduleName.Text)

cmd2.Parameters.AddWithValue("@StartDateTime", stdt)

cmd2.Parameters.AddWithValue("@EndDateTime", endt)

cmd2.Parameters.AddWithValue("@LimitAttempts", CInt(txtLimit.Text))

cmd2.Parameters.AddWithValue("@LimitdaysBetweenRetakes", CInt(txtRetakes.Text))

cmd2.Parameters.AddWithValue("@Status", sts)

cmd2.Parameters.AddWithValue("@GroupId", gid)

cmd2.Parameters.AddWithValue("@Retakecount", 0)

cmd2.ExecuteNonQuery()

End If

i = i + 1

End While

End While

dr1.Close()
 

End If
 
 

cn1.Close()

cn1.Dispose()

Page.Response.Redirect("~/AdminTeacher/adtShowSchedule.aspx", False)
 

ElseIf Len(hidfldGroupName.Value) <> 0 Then ' From Show GroupSchedule Page
 

str = "Update AssessmentSchedule set ScheduleName=@ScheduleName,StartDateTime=@StartDateTime, "

str += " EndDateTime=@EndDateTime,LimitAttempts=@LimitAttempts,LimitdaysBetweenRetakes=@LimitdaysBetweenRetakes"

str += " Where AssessmentId=" & CInt(hidfldAssessName.Value) & " and GroupId=" & CInt(hidfldGroupName.Value) & ";"

cmd2 = New SqlCommand(str, cn)

' cmd2.Parameters.AddWithValue("@ScheduleId", scheduleid)

' cmd2.Parameters.AddWithValue("@AssessmentId", ChkAssessList.Items(i).Value)

'cmd2.Parameters.AddWithValue("@ParticipantId", dr1(0))

cmd2.Parameters.AddWithValue("@ScheduleName", txtScheduleName.Text)

cmd2.Parameters.AddWithValue("@StartDateTime", stdt)

cmd2.Parameters.AddWithValue("@EndDateTime", endt)

cmd2.Parameters.AddWithValue("@LimitAttempts", CInt(txtLimit.Text))

cmd2.Parameters.AddWithValue("@LimitdaysBetweenRetakes", CInt(txtRetakes.Text))

' cmd2.Parameters.AddWithValue("@GroupId", gid)

'cmd2.Parameters.AddWithValue("@Retakecount", 0)

cmd2.ExecuteNonQuery()
 

cn1.Close()

cn1.Dispose()

Page.Response.Redirect("~/AdminTeacher/adtGroupSchedule.aspx", False)
 

ElseIf Len(hidfldScheduleName.Value) <> 0 Then ' From Show GroupSchedule Page
 

str = "Update AssessmentSchedule set ScheduleName=@ScheduleName,StartDateTime=@StartDateTime, "

str += " EndDateTime=@EndDateTime,LimitAttempts=@LimitAttempts,LimitdaysBetweenRetakes=@LimitdaysBetweenRetakes"

str += " Where AssessmentId=" & CInt(hidfldAssessName.Value) & " and ScheduleName='" & hidfldScheduleName.Value & "' and participantid='" & hidfldUser.Value & "'"
 

cmd2 = New SqlCommand(str, cn)

' cmd2.Parameters.AddWithValue("@ScheduleId", scheduleid)

' cmd2.Parameters.AddWithValue("@AssessmentId", ChkAssessList.Items(i).Value)

'cmd2.Parameters.AddWithValue("@ParticipantId", dr1(0))

cmd2.Parameters.AddWithValue("@ScheduleName", txtScheduleName.Text)

cmd2.Parameters.AddWithValue("@StartDateTime", stdt)

cmd2.Parameters.AddWithValue("@EndDateTime", endt)

cmd2.Parameters.AddWithValue("@LimitAttempts", CInt(txtLimit.Text))

cmd2.Parameters.AddWithValue("@LimitdaysBetweenRetakes", CInt(txtRetakes.Text))

' cmd2.Parameters.AddWithValue("@GroupId", gid)

'cmd2.Parameters.AddWithValue("@Retakecount", 0)

cmd2.ExecuteNonQuery()
 

cn1.Close()

cn1.Dispose()

Page.Response.Redirect("~/AdminTeacher/adtGroupSchedule.aspx", False)

Else
 

Response.Write("Cannot Schedule at this moment, as there are 0 Participants in selected Group. ")

cn1.Close()

cn1.Dispose()
 

'Page.Response.Redirect("~/Admin/CreateGroupLinks.aspx")

End If

' 'Only if one participant is selected

'ElseIf Len(hidfldUser.Value) <> 0 Then
 

' gid = CInt(hidfldGroupID.Value)

Catch ex As Exception

If cn1.State = ConnectionState.Open Then

cn1.Close()

cn1.Dispose()

End If

Dim errorhandler As New helper

errorhandler.errorHandler(ex)

End Try
 

End Sub

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

Try
 
 

strconnection = ConfigurationManager.ConnectionStrings("ptitestConnectionString").ConnectionString

cn = New SqlConnection(strconnection)
 
 

cn.Open()

Dim strUser As String

strUser = Membership.GetUser.UserName
 

' All assessments if Admin, selected ones for teachers.
 

If Roles.IsUserInRole(strUser, "Admin") Then
 

cmd3 = New SqlCommand("SELECT * from Assessment", cn)

dr = cmd3.ExecuteReader
 

ElseIf Roles.IsUserInRole(strUser, "Teacher") Then
 

cmd3 = New SqlCommand("SELECT * from Assessment where ForTeachers='True' ", cn)

dr = cmd3.ExecuteReader
 

End If
 
 

i = 0

'ChkAssessList.Items.Clear()

While dr.Read()

ChkAssessList.Items.Add(dr(2))

ChkAssessList.Items(i).Value = dr(0)

ChkAssessList.Items(i).Text = dr(2)

i = i + 1

End While

dr.Close()

If Not Page.IsPostBack Then

txtStartDate.Text = Date.Today

txtEndDate.Text = Date.Today.AddMonths(1)
 

End If

'New Group Schedule
 

If Not IsNothing(Request.Params("GroupID")) Then

hidfldGroupID.Value = Request.Params("GroupID")
 

End If

' Edit Group Schedule
 

If Not IsNothing(Request.Params("Assessid")) And Not IsNothing(Request.Params("GroupEditid")) And Not Me.IsPostBack Then

hidfldGroupName.Value = Request.Params("GroupEditid")

'Made one more Hiddenfield whit grpname as its id to avoid confusion

hidfldAssessName.Value = Request.Params("Assessid")

' hidfldScheduleName.Value = Request.Params("ScheduleName")
 

Show_Schedule() ' Fill in the Controls

isEditGroup = True
 

End If
 

'Edit Individual Schedule
 

If Not IsNothing(Request.Params("Assessid")) And Not IsNothing(Request.Params("ScheduleName")) And Not Me.IsPostBack Then

hidfldUser.Value = Request.Params("User")
 

hidfldAssessName.Value = Request.Params("Assessid")

hidfldScheduleName.Value = Request.Params("ScheduleName")
 

Show_Individual_Schedule()
 

End If

Catch ex As Exception

Dim errorhandler As New helper

errorhandler.errorHandler(ex)
 

End Try
 

End Sub
 

Protected Sub Show_Individual_Schedule()

Dim uname, sname, t1, t2, t3, t4 As String

'Dim str2 As String

Dim startdate, enddate As Date
 

''Show Schedule for Editing...

' uname = Membership.GetUser.UserName

uname = hidfldUser.Value

sname = hidfldScheduleName.Value

aname = hidfldAssessName.Value
 

'MsgBox(uname)

'q = Membership.GetUser(uname).ProviderUserKey

'MsgBox(q.ToString)
 

cmd4 = New SqlCommand("Select AssessmentID, AssessmentType, AssessmentDescription from Assessment where AssessmentID=" & CInt(aname), cn)

'MsgBox(cmd4.CommandText)

dr1 = cmd4.ExecuteReader

'dr1.Read()

i = 0

'ChkAssessList.Items.Clear()

While dr1.Read()

ChkAssessList.Items.Add(dr1(2))

ChkAssessList.Items(i).Value = dr1(0)

ChkAssessList.Items(i).Text = dr1(2)

ChkAssessList.Items().FindByValue(dr1(0)).Selected = True

aid = dr1(0)

i = i + 1

End While

dr1.Close()
 
 

cmd3 = New SqlCommand("Select ScheduleId,AssessmentId,ParticipantId,ScheduleName,StartDateTime,EndDateTime,LimitAttempts,LimitdaysBetweenRetakes from AssessmentSchedule where AssessmentId=" & aname & " and ScheduleName='" & sname & "' and participantID='" & uname & "'", cn)

'MsgBox(cmd3.CommandText)

dr = cmd3.ExecuteReader

dr.Read()

txtScheduleName.Text = dr(3)

txtLimit.Text = dr(6)

txtRetakes.Text = dr(7)
 

startdate = dr(4)

t3 = startdate.Date.ToShortDateString

txtStartDate.Text = t3

enddate = dr(5)

t4 = enddate.Date.ToShortDateString

txtEndDate.Text = t4
 

t1 = startdate.ToLongTimeString

ddlStartTime.SelectedValue = t1.Substring(0, t1.IndexOf(":"))

t2 = enddate.ToLongTimeString

ddlEndTime.SelectedValue = t2.Substring(0, t2.IndexOf(":"))
 

' t1 = startdate.Date.Minute()

ddlStartTimeMin.SelectedValue = t1.Substring(t1.IndexOf(":") + 1, t1.LastIndexOf(":"))

' t2 = enddate.Date.Minute()

ddlEndTimeMin.SelectedValue = t2.Substring(t2.IndexOf(":"), t1.LastIndexOf(":"))

ddlAM.SelectedValue = Right(t1, 2)

ddlPM.SelectedValue = Right(t2, 2)
 
 

dr.Close()
 
 

' Disable all the Assessments list :

' While ChkAssessList.HasControls

ChkAssessList.Enabled = False

cmdSelectAll.Visible = False
 
 
 

End Sub

Protected Sub chkPeriod_CheckedChanged(ByVal sender As Object, ByVal e As System.EventArgs) Handles chkPeriod.CheckedChanged

'MsgBox("changed")

If chkPeriod.Checked = True Then
 

ddlEndTime.Enabled = True

ddlStartTimeMin.Enabled = True

ddlStartTime.Enabled = True

ddlEndTimeMin.Enabled = True

chkPeriod.AutoPostBack = True

End If

If chkPeriod.Checked = False Then
 

ddlEndTime.Enabled = False

ddlStartTimeMin.Enabled = False

ddlStartTime.Enabled = True

ddlEndTimeMin.Enabled = True

chkPeriod.AutoPostBack = True

End If
 

End Sub

Protected Sub chkBoxSchedule_CheckedChanged(ByVal sender As Object, ByVal e As System.EventArgs) Handles chkBoxSchedule.CheckedChanged

If chkBoxSchedule.Checked = True Then

lblScheduleName.Enabled = True

txtScheduleName.Enabled = True

chkBoxSchedule.AutoPostBack = True

End If

If chkBoxSchedule.Checked = False Then

lblScheduleName.Enabled = False

txtScheduleName.Enabled = False

chkBoxSchedule.AutoPostBack = True

End If

End Sub

Sub Show_Schedule()

Dim uname, t1, t2, t3, t4 As String

' Dim str1, str2 As String

Dim startdate, enddate As Date
 

''Show Schedule for Editing...

uname = Membership.GetUser.UserName

gname = hidfldGroupName.Value

'sname = hidfldScheduleName.Value

aname = hidfldAssessName.Value
 

'MsgBox(uname)

'q = Membership.GetUser(uname).ProviderUserKey

'MsgBox(q.ToString)
 

cmd4 = New SqlCommand("Select AssessmentID, AssessmentType, AssessmentDescription from Assessment where AssessmentID=" & CInt(aname), cn)

'MsgBox(cmd4.CommandText)

dr1 = cmd4.ExecuteReader

'dr1.Read()

i = 0

'ChkAssessList.Items.Clear()

While dr1.Read()

ChkAssessList.Items.Add(dr1(2))

ChkAssessList.Items(i).Value = dr1(0)

ChkAssessList.Items(i).Text = dr1(2)

ChkAssessList.Items().FindByValue(dr1(0)).Selected = True

aid = dr1(0)

i = i + 1

End While

dr1.Close()
 
 

cmd3 = New SqlCommand("Select ScheduleId,AssessmentId,ParticipantId,ScheduleName,StartDateTime,EndDateTime,LimitAttempts,LimitdaysBetweenRetakes from AssessmentSchedule where AssessmentId=" & aname & " and GroupId=" & gname, cn)

'MsgBox(cmd3.CommandText)

dr = cmd3.ExecuteReader

dr.Read()

txtScheduleName.Text = dr(3)

txtLimit.Text = dr(6)

txtRetakes.Text = dr(7)
 

startdate = dr(4)

t3 = startdate.Date.ToShortDateString

txtStartDate.Text = t3

enddate = dr(5)

t4 = enddate.Date.ToShortDateString

txtEndDate.Text = t4
 

t1 = startdate.ToLongTimeString

ddlStartTime.SelectedValue = t1.Substring(0, t1.IndexOf(":"))

t2 = enddate.ToLongTimeString

ddlEndTime.SelectedValue = t2.Substring(0, t2.IndexOf(":"))
 

' t1 = startdate.Date.Minute()

ddlStartTimeMin.SelectedValue = t1.Substring(t1.IndexOf(":") + 1, t1.LastIndexOf(":"))

' t2 = enddate.Date.Minute()

ddlEndTimeMin.SelectedValue = t2.Substring(t2.IndexOf(":"), t1.LastIndexOf(":"))

ddlAM.SelectedValue = Right(t1, 2)

ddlPM.SelectedValue = Right(t2, 2)
 
 

dr.Close()
 
 

' Disable all the Assessments list :

' While ChkAssessList.HasControls

ChkAssessList.Enabled = False

cmdSelectAll.Visible = False
 

' End While

End Sub
 

Protected Sub Page_Unload(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Unload

If Not cn Is Nothing Then

If cn.State = ConnectionState.Open Then

cn.Close()

cn.Dispose()

End If

End If

If Not cn1 Is Nothing Then

If cn1.State = ConnectionState.Open Then

cn1.Close()

cn1.Dispose()

End If

End If

End Sub
 

Protected Sub cmdSelectAll_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles cmdSelectAll.Click

' need to write code that selects all of the Assessments
 

For Each listItem As ListItem In ChkAssessList.Items

listItem.Selected = True
 

Next
 

End Sub
 
 

End Class

Open in new window

0
 
LVL 75

Assisted Solution

by:Anthony Perkins
Anthony Perkins earned 50 total points
ID: 22697819
I beleive that on average we spend about 15 seconds reading a question, before we decide to contribute or move on.  The chances that anyone is going to wade through all that code to point out the error are I suspect slim to none.  I would therefore urge you to do your homework first.  By this I mean:
1. Narrow down the problem as much as possible.  
2. Post the lines (hopefully not more than 10) and where possible indicate the exact line the error occurred.
3. Post any addition info, such as values for the variables involved.

You you may then have better luck at getting a solution here.

Good luck.
0
 

Author Comment

by:RohitRepu
ID: 22705909
hey acperkins,
thanks for your suggestions!
The error in the code is caused by this line....
 cmd3 = New SqlCommand("Select ScheduleId,AssessmentId,ParticipantId,ScheduleName,StartDateTime,EndDateTime,LimitAttempts,LimitdaysBetweenRetakes from AssessmentSchedule where AssessmentId=" & aname & " and ScheduleName='" & sname & "' and participantID='" & uname & "'", cn)

thanks again,
rohit.
0
 
LVL 142

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 75 total points
ID: 22705985
as I indicated, using parameter objects will avoid the error completely.
it will though only occur is you get a sname or uname with a single quote.


you should not do it like this, but I show the code anyhow:
 cmd3 = New SqlCommand("Select ScheduleId,AssessmentId,ParticipantId,ScheduleName,StartDateTime,EndDateTime,LimitAttempts,LimitdaysBetweenRetakes from AssessmentSchedule where AssessmentId=" & aname & " and ScheduleName='" & sname.Replace("'", "''") & "' and participantID='" & uname.Replace("'", "''") & "'", cn)

Open in new window

0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Suggested Solutions

You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
Since upgrading to Office 2013 or higher installing the Smart Indenter addin will fail. This article will explain how to install it so it will work regardless of the Office version installed.
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now