• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1789
  • Last Modified:

how to handle single quote character in vb.net with sql server queries

how to handle single quot character in vb.net with sql server queries
0
rbadhan
Asked:
rbadhan
1 Solution
 
richard_cristCommented:
Please post some more information about what you are trying to do.  If you are getting errors please post an example.  Thanks.
0
 
andyesslingerCommented:
Are you having trouble building the query, or handling the user input?

Your best bet building the query would probably be to use parameterized queries. Stored procedures are best, but even inline sql can use parameters, eg:

Dim cmd as new SqlCommand("Insert INTO table (name, email) values (@name, @Email)")
cmd.Parameters.Add("@Name", "me")
cmd.Parameters.Add("@Email", "someuser@some.com")
cmd.ExecuteNonQuery()

Rather than "Insert INTO table (name, email) values ('" & somevar & "', '" & someothervar & "')"

If the trouble is handling single quotes in user input try encoding the text using Server.HtmlEncode/Server.HtmlDecode...
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Tackle projects and never again get stuck behind a technical roadblock.
Join Now