troubleshooting Question

SQL Query Problems

Avatar of richard_gar
richard_gar asked on
Visual Basic.NET
6 Comments1 Solution198 ViewsLast Modified:
How can I change the below code to SQL Parameters? (I think this is what I need)

I have a problem where if lvitem.text has a ' in the text then it will not insert into my SQL table.

'Richard's here' - Will not insert because of the '
'Richards here' - Will insert as there is no '

I need to be able to insert into the field reqardless of the string.
For Each lvItem As ListViewItem In ListView1.Items
            Dim query2 As String = "INSERT INTO tblOrderLines(custref,orderref, Barcode, Product, price) values ( " & _
            "'" & strCustRef & "','" & strOrderRef & "','" & lvItem.Text & "','" & lvItem.SubItems(1).Text.ToString & "','" & lvItem.SubItems(2).Text.ToString & "')"
            Dim result2 As Integer = New SqlCommand(query2, con).ExecuteNonQuery
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros