

Apostrophe in insert command

Posted on 2010-08-19
Medium Priority
Last Modified: 2012-06-27
When trying to insert a sentence with an apostrophe, nothing happens. I reckon it's because the sign is code as well and it destroys the meaning of the page for the system. Is there any way around it?
Question by:Vx_Chemical
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 33472656
I presume you are building the SQL query ad hoc using user input.

You should use parameterized queries; that way this issue, including SQL injection, will be solved (and the code will be more readable also, queries should execute faster, etc.).
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 33472659
LVL 10

Assisted Solution

by:Jini Jose
Jini Jose earned 1000 total points
ID: 33472666

            // Parameterized INSERT: the values travel separately from the SQL text
            cQuery = "INSERT INTO [PAList]" +
                    " ([PAListId],[NomineeName])" +
                    " SELECT" +
                    " @PAListId" +
                    " ,@NomineeName";

            // Two parameters, so the valid indexes are 0 and 1
            SqlParameter[] oparam = new SqlParameter[2];
            oparam[0] = new SqlParameter("@PAListId", PAListId);
            oparam[1] = new SqlParameter("@NomineeName", txtNomineeName.Text);

            try
            {
                SQLData.ExecuteNonQuery(Util.Constring, CommandType.Text, cQuery, oparam);
                lblMessage.Text = "Successfully Updated";
            }
            catch (Exception ex)
            {
                // Show the database error instead of failing silently
                lblMessage.Text = ex.Message;
            }



Expert Comment

ID: 33472675
Use the StoredProcedure to insert any data; then there will be no problem.
LVL 18

Expert Comment

by:Rajar Ahmed
ID: 33472678
Just replace one apostrophe with one more

fStory = replace ( fStory ,"'","''")

INSERT Table1 (chColumnName) VALUES (fStory)


LVL 12

Expert Comment

ID: 33472724
Like angelIII said, it's a good approach to always use parameterized queries.

This will also keep your system clean and secure from SQL injections in login screens. It also helps you when you are dealing with UTF-8 characters, etc.

Accepted Solution

JuniorMember earned 1000 total points
ID: 33473683
There are two ways to do this:

A. The safest method is to use a parameter-based approach (SQL procedure or just SqlParameter):
SqlCommand cmd = new SqlCommand();
cmd.Connection = conn;
cmd.CommandText = "INSERT INTO Table1 (FirstName, Address) VALUES (@FirstName, @Address)";

SqlParameter SqlParameter1 = new SqlParameter("@FirstName", Textbox1.Text);
SqlParameter SqlParameter2 = new SqlParameter("@Address", Textbox2.Text);

// Attach the parameters to the command and run it
cmd.Parameters.Add(SqlParameter1);
cmd.Parameters.Add(SqlParameter2);
cmd.ExecuteNonQuery();

B. Add one extra line before the SQL execution:
mysqlstring = Textbox1.Text;
// Double each apostrophe so it is read as a literal quote inside the SQL string
mysqlstring = mysqlstring.Replace("'", "''");
// execute the SQL mysqlstring here

LVL 10

Expert Comment

by:Jini Jose
ID: 33474157
If you are using a parameterized query, then there is no need for a replacement for ( ' ).

Author Comment

ID: 33508357
The system I am using is on a secure network with only cleared users. So if I didn't want to change too much of the code, how would I most easily exchange one ` for two ``?
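
The three approaches discussed in this thread, side by side, as an added example that is not part of any post: a concatenated INSERT, the apostrophe-doubling Replace, and a parameterized query. It uses Python's built-in sqlite3 with an in-memory database so it runs offline (the thread's own code is C#/ADO.NET against SQL Server); the table and column names are taken from the posts above, and the sample sentence is constructed.

```python
import sqlite3

# Constructed sample input containing apostrophes
SAMPLE = "It's the nominee's story"

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Table1 (chColumnName TEXT)")
    return conn

def insert_concatenated(conn, text):
    """Ad-hoc SQL: the apostrophe in the data ends the string literal early."""
    try:
        conn.execute("INSERT INTO Table1 (chColumnName) VALUES ('" + text + "')")
        return "ok"
    except sqlite3.OperationalError as exc:
        # If this error is swallowed by the caller, "nothing happens"
        return "error: " + str(exc)

def insert_doubled(conn, text):
    """Escape by doubling; works, but must be repeated at every call site."""
    escaped = text.replace("'", "''")
    conn.execute("INSERT INTO Table1 (chColumnName) VALUES ('" + escaped + "')")

def insert_parameterized(conn, text):
    """The value is bound separately from the SQL text; no escaping needed."""
    conn.execute("INSERT INTO Table1 (chColumnName) VALUES (?)", (text,))

def stored_rows(conn):
    cur = conn.execute("SELECT chColumnName FROM Table1 ORDER BY rowid")
    return [row[0] for row in cur]

def demo():
    conn = new_db()
    result = insert_concatenated(conn, SAMPLE)   # fails with a syntax error
    insert_doubled(conn, SAMPLE)                 # stored verbatim
    insert_parameterized(conn, SAMPLE)           # stored verbatim
    return result, stored_rows(conn)

if __name__ == "__main__":
    result, rows = demo()
    print(result)
    print(rows)
```

The doubling approach only covers values placed inside a quoted string literal and depends on every call site remembering it; the parameterized form needs no per-value handling.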


Question has a verified solution.
