Using SQL to insert a String
Posted on 2009-04-16
I have the following code in a VB.NET Windows app:
Dim SQL_StdRFIInsert As New SqlCommand("INSERT INTO StandardRFI (RFICode, RFITitle, RFIText) VALUES ('" & PUB_StdCode & "', '" & PUB_StdTitle & "', '" & PUB_StdText & "')", SqlConnection1)
This code simply takes some manually input values (PUB_StdCode, PUB_StdTitle and PUB_StdText are public strings) and inserts them into a SQL Server table.
This works fine, until the user wants to enter an apostrophe into one of the fields. This causes my code to crash because seemingly an apostrophe is looked upon differently. How can I insert a string which includes apostrophes?
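
The same INSERT written with SqlCommand parameters, as an added example that is not part of the original post: the values travel separately from the SQL text, so an apostrophe in a field is stored as data and cannot terminate the string literal or change the statement. The module name, function names, and the NVarChar types and sizes are assumptions; match them to the real StandardRFI column definitions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module StandardRfiInsertExample   ' hypothetical module name

    ' Maps a VB Nothing to DBNull so the parameter is still sent to the server.
    Private Function ToDbValue(ByVal value As String) As Object
        If value Is Nothing Then Return DBNull.Value
        Return value
    End Function

    ' Inserts one row and returns the number of rows affected.
    ' The SQL text is a constant; user input is bound only through parameters.
    Public Function InsertStandardRfi(ByVal connection As SqlConnection, _
                                      ByVal stdCode As String, _
                                      ByVal stdTitle As String, _
                                      ByVal stdText As String) As Integer
        Const sql As String = _
            "INSERT INTO StandardRFI (RFICode, RFITitle, RFIText) " & _
            "VALUES (@RFICode, @RFITitle, @RFIText)"

        Using cmd As New SqlCommand(sql, connection)
            ' Assumed column types: nvarchar(50), nvarchar(200), nvarchar(max).
            cmd.Parameters.Add("@RFICode", SqlDbType.NVarChar, 50).Value = ToDbValue(stdCode)
            cmd.Parameters.Add("@RFITitle", SqlDbType.NVarChar, 200).Value = ToDbValue(stdTitle)
            cmd.Parameters.Add("@RFIText", SqlDbType.NVarChar, -1).Value = ToDbValue(stdText)

            ' Open the connection only if the caller has not already done so.
            Dim openedHere As Boolean = (connection.State <> ConnectionState.Open)
            If openedHere Then connection.Open()
            Try
                Return cmd.ExecuteNonQuery()
            Finally
                If openedHere Then connection.Close()
            End Try
        End Using
    End Function

    ' Constructed sample values containing apostrophes; no escaping is needed.
    Public Sub Demo(ByVal connection As SqlConnection)
        Dim rows As Integer = InsertStandardRfi(connection, "RFI-001", _
            "Contractor's query", "Confirm the architect's drawing isn't superseded.")
        Console.WriteLine("Rows inserted: " & rows)
    End Sub

End Module
```

With the objects from the post, the call would be InsertStandardRfi(SqlConnection1, PUB_StdCode, PUB_StdTitle, PUB_StdText).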