How can I change the below code to SQL Parameters? (I think this is what I need)
I have a problem where if lvitem.text has a ' in the text then it will not insert into my SQL table.
'Richard's here' - Will not insert because of the '
'Richards here' - Will insert as there is no '
I need to be able to insert into the field regardless of the string.
For Each lvItem As ListViewItem In ListView1.Items
    Dim query2 As String = "INSERT INTO tblOrderLines(custref,orderref, Barcode, Product, price) values ( " & _
        "'" & strCustRef & "','" & strOrderRef & "','" & lvItem.Text & "','" & lvItem.SubItems(1).Text.ToString & "','" & lvItem.SubItems(2).Text.ToString & "')"
    Dim result2 As Integer = New SqlCommand(query2, con).ExecuteNonQuery
Next
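The loop above rewritten with SqlParameter objects, so a value such as Richard's here is sent as data and never becomes part of the SQL text. This is an added example, not code from the original post. The helper name InsertOrderLines, the NVarChar sizes and the decimal type for price are assumptions; match them to the real tblOrderLines columns.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization
Imports System.Windows.Forms

Module OrderLineInsertExample

    ' Hypothetical helper: inserts one row per ListView item and returns the row count.
    ' Assumes con is already open, as in the original loop.
    Public Function InsertOrderLines(con As SqlConnection,
                                     items As ListView.ListViewItemCollection,
                                     strCustRef As String,
                                     strOrderRef As String) As Integer
        ' The SQL text is constant: only @placeholders, no concatenated values.
        Const sql As String =
            "INSERT INTO tblOrderLines (custref, orderref, Barcode, Product, price) " &
            "VALUES (@custref, @orderref, @barcode, @product, @price)"

        Dim rows As Integer = 0
        Using cmd As New SqlCommand(sql, con)
            ' Sizes and types are assumptions. A string longer than the declared
            ' size is truncated, so set them to the actual column definitions.
            cmd.Parameters.Add("@custref", SqlDbType.NVarChar, 50).Value = strCustRef
            cmd.Parameters.Add("@orderref", SqlDbType.NVarChar, 50).Value = strOrderRef
            Dim pBarcode As SqlParameter = cmd.Parameters.Add("@barcode", SqlDbType.NVarChar, 50)
            Dim pProduct As SqlParameter = cmd.Parameters.Add("@product", SqlDbType.NVarChar, 200)
            Dim pPrice As SqlParameter = cmd.Parameters.Add("@price", SqlDbType.Decimal)
            pPrice.Precision = 18
            pPrice.Scale = 2

            ' Parameters are declared once; only their values change per row.
            For Each lvItem As ListViewItem In items
                pBarcode.Value = lvItem.Text            ' apostrophes are safe here
                pProduct.Value = lvItem.SubItems(1).Text
                ' Parse the displayed price; throws FormatException on bad input
                ' instead of sending malformed text to the server.
                pPrice.Value = Decimal.Parse(lvItem.SubItems(2).Text,
                                             NumberStyles.Currency,
                                             CultureInfo.CurrentCulture)
                rows += cmd.ExecuteNonQuery()
            Next
        End Using
        Return rows
    End Function

End Module
```

Called as InsertOrderLines(con, ListView1.Items, strCustRef, strOrderRef). The same change closes the SQL injection hole in the concatenated version, since no ListView text can alter the statement.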