Quotation mark problem in VB.NET + database
I need to replace ( ' -> Quotation mark) with blank in my code in VB.NET as passing parameters in Database crashes the application if there is Quotation mark is present in the text box.
The values of First Name & Last Name are taken from edit box in a vb.net form
SQLQuery = "insert into Table(FirstName, LastName) " & "Values ('" txtFirstName.Text "','" txtLastName.Text "')"ASKER
Nice one but sorry to say didn't help
Use parameterized query, and then you don't need to worry about the quotation mark.
What is the error message that you are getting?
P.
P.
Also, how about using a Replace function in VB instead of using it on sql server side.
http://msdn.microsoft.com/
P.
http://msdn.microsoft.com/
P.
SQLQuery = "insert into Table(FirstName, LastName) " & "Values ('" & txtFirstName.Text.Replace("'","''") & "','" & txtLastName.Text.Replace("'","''") & "')"
ASKER
Many thanks for this, but sorry to say this didn't help.
I know that parameterized query is one solution... but me being lasy do not want to change the code. I need something similar to .Replace or can I replace the quotation mark in the form validation?
I know that parameterized query is one solution... but me being lasy do not want to change the code. I need something similar to .Replace or can I replace the quotation mark in the form validation?
what is your input in textboxes that createp problem?
ASKER
Thanks for all ur help... I hope I managed to stop the wrong input at the form itself... used the regular expression... ^[ \t\r\n\v\fa-zA-Z0-9_-]*$
Hey, don't close it!
I can give you the correct answer here it is :
Just replace the quotation with additional quote in it:
for example this one:
txtFirstname.text.Replace(
I can give you the correct answer here it is :
Just replace the quotation with additional quote in it:
for example this one:
txtFirstname.text.Replace(
SQLQuery = "insert into Table(FirstName, LastName) " & "Values ('" txtFirstName.Text.Replace("'","''") "','" txtLastName.Text..Replace("'","''") "')"
I provide you the correct answer
So I object
So I object
by using the code I gave you, you can still use the quotation in your query... So o need to remove it.
ASKER
I wanted to remove the single quotation not... & the solution provided is not helpful & does not work
@prabhatia
Your previous comment (24911008) I know that parameterized query is one solution... but me being lasy do not want to change the code. I need something similar to .Replace or can I replace the quotation mark in the form validation?
You mention you need something simalar that works like if you are using parameterized query. In parameterized query quotation mark is not replace or removed. So, I gave you the code that works and accept a string with quotation mark in it.
This is the reason why I object, when you request to delete this question.
Your previous comment (24911008) I know that parameterized query is one solution... but me being lasy do not want to change the code. I need something similar to .Replace or can I replace the quotation mark in the form validation?
You mention you need something simalar that works like if you are using parameterized query. In parameterized query quotation mark is not replace or removed. So, I gave you the code that works and accept a string with quotation mark in it.
This is the reason why I object, when you request to delete this question.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
what was that non english comment... was that an abuse???
Open in new window