c# replace double quotes
I searched hundreds of entries and tried tons of examples - I cannot find how to replace double quotes so my sql insert will run.
This runs for single quotes:
memberID = memberID.Replace("'","''")
so I need the same thing for double quotes.
Also, does a replace work on all the characters in the string or just once?
This runs for single quotes:
memberID = memberID.Replace("'","''")
so I need the same thing for double quotes.
Also, does a replace work on all the characters in the string or just once?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What other characters will interfere with an insert?
How about ampersand?
How about ampersand?
I think what you're after is:
memberID = memberID.Replace("\"\"","o
memberID = memberID.Replace("\"\"","o
I think you just have to worry about the single quote, not double quote or other.
I use to replace the single quote with a tick (`):
memberID = memberID.Replace("'","`");
I use to replace the single quote with a tick (`):
memberID = memberID.Replace("'","`");
but if you want to avoid to use all these, better you use parameters instead.
have a look to:
http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
read "Parameterised Queries" section.
have a look to:
http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
read "Parameterised Queries" section.
why not use....
memberID=@memberID
memberID=@memberID
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
To replace Single Quotes, Double Quotes or Carriage Returns for use with Crystal Reports in C# try
fieldValue = fieldValue.Replace("\r\n",
This allows the Crystal Report to Print with the desired result
fieldValue = fieldValue.Replace("\r\n",
This allows the Crystal Report to Print with the desired result
ASKER