Solved

how can I write a \ to a mysql field via vb.net

Posted on 2011-03-10
5
324 Views
Last Modified: 2012-06-22
I have a variable IniLoc which is populated from a datagridview, the result being "D:\FTPROOT\FRED"  Thats no problem.

Later on in my code I want to write this back to my database and I use         myCommand.Connection = conn
myCommand.CommandText = "INSERT INTO `incidentmon` (`Subject`, `IncidentDate`, `IncidentFolder`,`Status` ) VALUES ('" & Subject & "', '" & NewDate & "', '" & IniLoc & "\" & Subject & "', 'Processing');"

subject = Test for this example.

And sure enough it writes back to the database, however, the IniLoc field that is written back appears as
"D:FTPROOTFREDTest"

How can I get it to write back including the \'s in the right places?
0
Comment
Question by:CarlCCTVSI
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 17

Accepted Solution

by:
Daniel Reynolds earned 500 total points
ID: 35096270
try doubling the slash.  as in "\\"
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 35096352
or use parameters instead of building the SQL like this ad-hoc.
using parameters will also avoid sql injection. ...
0
 

Author Comment

by:CarlCCTVSI
ID: 35096460
Thanks folks,

I get the idea os using the \\'s that not a problem, however, the string comes from somewhere else and only contains single \'s.  Any ideas how I can turn my \'s in the string to \\'s in the string ?

(so it goes from D:\FTPROOT\FRED to D:\\FTPROOT\\FRED)
0
 

Author Comment

by:CarlCCTVSI
ID: 35096539
Thanks Again,

I've cracked it.  Simple case of useing another string and replacing the \ with a \\

string2 = string1.replace("\" , "\\")

Did the job.
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 35100347
though this is a simple method to solve the \ problem, you will run into sql injection sooner or later:
http://www.google.lu/search?q=sql+injection&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

for your own safety, better change to SqlCommand + SqlParameter programming:
http://www.csharp-station.com/Tutorials/AdoDotNet/Lesson06.aspx
presuming you work with SQL Server database, but the concept is the same for other database systems .
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tutorial demonstrates one way to create an application that runs without any Forms but still has a GUI presence via an Icon in the System Tray. The magic lies in Inheriting from the ApplicationContext Class and passing that to Application.Ru…
Well, all of us have seen the multiple EXCEL.EXE's in task manager that won't die even if you call the .close, .dispose methods. Try this method to kill any excels in memory. You can copy the kill function to create a check function and replace the …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question