Apostrophe in insert command

Posted on 2010-08-19
Last Modified: 2012-06-27
When trying to insert a sentence with an apostrophe, nothing happens. I reckon it's because the sign is code as well and it destroys the meaning of the page for the system. Is there any way around it?
Question by:Vx_Chemical
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 33472656
I presume you are building the SQL query ad hoc using user input.

You should use parametrized queries; that way this issue, including SQL injection, will be solved (and the code will be more readable, queries should execute faster, etc.).
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 33472659
LVL 10

Assisted Solution

by:Jini Jose
Jini Jose earned 250 total points
ID: 33472666

cQuery = "INSERT INTO [PAList]" +
                    " ([PAListId],[NomineeName])" +
                    " SELECT" +
                    " @PAListId" +
                    " ,@NomineeName";

            // Values are bound as parameters, so an apostrophe in the text box stays plain data
            SqlParameter[] oparam = new SqlParameter[2];
            oparam[0] = new SqlParameter("@PAListId", PAListId);
            oparam[1] = new SqlParameter("@NomineeName", txtNomineeName.Text);

            try
            {
                SQLData.ExecuteNonQuery(Util.Constring, CommandType.Text, cQuery, oparam);
                lblMessage.Text = "Successfully Updated";
            }
            catch (Exception ex)
            {
                lblMessage.Text = ex.Message;
            }


Expert Comment

ID: 33472675
Use the StoredProcedure to insert any data; then there will be no problem.
LVL 18

Expert Comment

by:Rajar Ahmed
ID: 33472678
Just replace one apostrophe with one more

fStory = replace ( fStory ,"'","''")

INSERT Table1 (chColumnName) VALUES (fStory)



Expert Comment

ID: 33472679
LVL 12

Expert Comment

ID: 33472724
Like angelIII said, it's a good approach to always use parametrized queries.

This will also keep your system clean and secure from SQL injections in login screens. It also helps you when you are dealing with UTF-8 characters, etc.

Accepted Solution

JuniorMember earned 250 total points
ID: 33473683
There are two ways to do this:

A. The safest method is to use a parameter-based approach (SQL procedure or just SqlParameter):
SqlCommand cmd = new SqlCommand();
cmd.Connection = conn;
cmd.CommandText = "INSERT INTO Table1 (FirstName, Address) VALUES (@FirstName, @Address)";

SqlParameter SqlParameter1 = new SqlParameter("@FirstName", Textbox1.Text);
SqlParameter SqlParameter2 = new SqlParameter("@Address", Textbox2.Text);

// Attach the parameters to the command, then run it
cmd.Parameters.Add(SqlParameter1);
cmd.Parameters.Add(SqlParameter2);
cmd.ExecuteNonQuery();

B. Add one extra line before the SQL execution:
mysqlstring = Textbox1.Text;
// Double each apostrophe so it is read as a literal character inside the SQL string
mysqlstring = mysqlstring.Replace("'", "''");
// execute the SQL mysqlstring here;
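
The three ways of building the INSERT discussed in this thread, compared on the same input. This is an added example, not code from any poster. It assumes Python's built-in sqlite3 with an in-memory table standing in for SQL Server and ADO.NET; the table and column names follow the answer above, and the sample input is constructed.

```python
import sqlite3

# Constructed sample input: a value containing apostrophes.
SAMPLE = "Vx's cat O'Malley"


def make_db():
    """In-memory SQLite table standing in for the page's Table1 (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Table1 (FirstName TEXT, Address TEXT)")
    return conn


def insert_concat(conn, first, address):
    """Ad-hoc string building: an apostrophe in the value ends the literal early."""
    sql = ("INSERT INTO Table1 (FirstName, Address) "
           "VALUES ('" + first + "', '" + address + "')")
    conn.execute(sql)


def insert_escaped(conn, first, address):
    """Approach B: double every apostrophe, then concatenate as before."""
    insert_concat(conn, first.replace("'", "''"), address.replace("'", "''"))


def insert_param(conn, first, address):
    """Approach A: placeholders; the values travel separately from the SQL text."""
    conn.execute("INSERT INTO Table1 (FirstName, Address) VALUES (?, ?)",
                 (first, address))


def try_insert(fn, first, address):
    """Run one strategy on a fresh table; return (stored FirstName values, error)."""
    conn = make_db()
    error = None
    try:
        fn(conn, first, address)
    except sqlite3.Error as exc:
        error = str(exc)  # the "nothing happens" case from the question
    rows = [r[0] for r in conn.execute("SELECT FirstName FROM Table1")]
    conn.close()
    return rows, error


if __name__ == "__main__":
    for fn in (insert_concat, insert_escaped, insert_param):
        print(fn.__name__, try_insert(fn, SAMPLE, "1 Main St"))
```

Doubling the apostrophe only holds if it is applied at every place a value is concatenated and matches the server's string-literal rules; the parameterized form depends on neither.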

LVL 10

Expert Comment

by:Jini Jose
ID: 33474157
If you are using a parameterized query, then there is no need for a replacement for ( ' ).

Author Comment

ID: 33508357
The system I am using is on a secure network with only cleared users. So if I didn't want to change too much of the code, how would I most easily exchange one ` for two ``?
