• Status: Solved

asp.net passing xml param to SQL with a ' that breaks the proc

So I have an ASP.NET C# web app that generates an XML string using StringBuilder that concatenates a bunch of text boxes and drop-downs into an XML parameter and passes it to a SQL proc.

Everything was going well until someone entered "eat at joe's" and the single quote broke the stored proc...

What's the best way to manage this?

Asked:
realcoding
2 Solutions
 
David Robitaille, Analyst Programmer, commented:
Double the quote!
I use string.replace("'", "'')
This replaces ' with ''
 
David Robitaille, Analyst Programmer, commented:
Sorry, it's
string.replace("'", "''")
The last " was missing.
 
 
YZlat commented:
A single quote needs to be replaced by two single quotes.
 
YZlat commented:
davrob60 got it :)
 
Carl Tawn, Systems and Integration Developer, commented:
If it's XML then you would be better off converting it to &apos;
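Added example, not part of the original thread: an alternative to quote doubling that builds the XML with XElement (which escapes the text for you) and passes it to the procedure as a typed SqlParameter. The procedure name dbo.SaveForm, the parameter @data, the element names and the FORM_DB environment variable are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;   // Microsoft.Data.SqlClient on newer projects
using System.Data.SqlTypes;
using System.Xml.Linq;

static class FormSaver
{
    // Build the document with an XML API instead of StringBuilder, so that
    // ', &, < and > typed by a user stay data and never become markup.
    public static XElement BuildXml(string name, string category)
    {
        return new XElement("form",
            new XElement("name", name),
            new XElement("category", category));
    }

    // Send the document as a typed parameter. The value travels separately
    // from the command text, so a quote in it cannot end a SQL string literal.
    public static void Save(string connectionString, XElement doc)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("dbo.SaveForm", conn))   // hypothetical proc name
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@data", SqlDbType.Xml).Value =   // hypothetical parameter name
                new SqlXml(doc.CreateReader());
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed sample input, including the value from the question.
        XElement doc = BuildXml("eat at joe's", "food & drink <new>");
        Console.WriteLine(doc.ToString(SaveOptions.DisableFormatting));

        // Assumption: the connection string comes from the FORM_DB environment
        // variable; the database call is skipped when it is not set.
        string cs = Environment.GetEnvironmentVariable("FORM_DB");
        if (!string.IsNullOrEmpty(cs))
            Save(cs, doc);
    }
}
```

The typed parameter only protects the call into the procedure. If the procedure itself concatenates values taken from the XML into dynamic SQL, the same quote problem reappears there and has to be fixed inside the procedure.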
