passing cml param to SQL with a ' that breaks the proc

so i have an c# web app that generates an xml string using string builder that concatenates a bunch of text boxes and drop downs into an xml parameter and passes it to SQL proc.

everything was going well until someone entered "eat at joe's" and the single quote broke the stored proc...

whast the best way to manage this?

Who is Participating?
David RobitailleConnect With a Mentor Analyst ProgrammerCommented:
sorry, it`s
string.replace("'", "''")
the last " was missing
David RobitailleAnalyst ProgrammerCommented:
double the quote!
I use string.replace("'", "'')
this replace ' with ' '
single quote needs to be replaced by two single quotes
davrob60 got it:)
Carl TawnConnect With a Mentor Systems and Integration DeveloperCommented:
If it's XML then you would be better off converting it to '
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.