• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1799
  • Last Modified:

how to handle single quote character in vb.net with sql server queries

how to handle single quot character in vb.net with sql server queries
0
rbadhan
Asked:
rbadhan
1 Solution
 
richard_cristCommented:
Please post some more information about what you are trying to do.  If you are getting errors please post an example.  Thanks.
0
 
andyesslingerCommented:
Are you having trouble building the query, or handling the user input?

Your best bet building the query would probably be to use parameterized queries. Stored procedures are best, but even inline sql can use parameters, eg:

Dim cmd as new SqlCommand("Insert INTO table (name, email) values (@name, @Email)")
cmd.Parameters.Add("@Name", "me")
cmd.Parameters.Add("@Email", "someuser@some.com")
cmd.ExecuteNonQuery()

Rather than "Insert INTO table (name, email) values ('" & somevar & "', '" & someothervar & "')"

If the trouble is handling single quotes in user input try encoding the text using Server.HtmlEncode/Server.HtmlDecode...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now