[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 341
  • Last Modified:

how can I write a \ to a mysql field via vb.net

I have a variable IniLoc which is populated from a datagridview, the result being "D:\FTPROOT\FRED"  Thats no problem.

Later on in my code I want to write this back to my database and I use         myCommand.Connection = conn
myCommand.CommandText = "INSERT INTO `incidentmon` (`Subject`, `IncidentDate`, `IncidentFolder`,`Status` ) VALUES ('" & Subject & "', '" & NewDate & "', '" & IniLoc & "\" & Subject & "', 'Processing');"

subject = Test for this example.

And sure enough it writes back to the database, however, the IniLoc field that is written back appears as
"D:FTPROOTFREDTest"

How can I get it to write back including the \'s in the right places?
0
CarlCCTVSI
Asked:
CarlCCTVSI
  • 2
  • 2
1 Solution
 
Daniel ReynoldsSoftware Applications Developer / IntegratorCommented:
try doubling the slash.  as in "\\"
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
or use parameters instead of building the SQL like this ad-hoc.
using parameters will also avoid sql injection. ...
0
 
CarlCCTVSIAuthor Commented:
Thanks folks,

I get the idea os using the \\'s that not a problem, however, the string comes from somewhere else and only contains single \'s.  Any ideas how I can turn my \'s in the string to \\'s in the string ?

(so it goes from D:\FTPROOT\FRED to D:\\FTPROOT\\FRED)
0
 
CarlCCTVSIAuthor Commented:
Thanks Again,

I've cracked it.  Simple case of useing another string and replacing the \ with a \\

string2 = string1.replace("\" , "\\")

Did the job.
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
though this is a simple method to solve the \ problem, you will run into sql injection sooner or later:
http://www.google.lu/search?q=sql+injection&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

for your own safety, better change to SqlCommand + SqlParameter programming:
http://www.csharp-station.com/Tutorials/AdoDotNet/Lesson06.aspx
presuming you work with SQL Server database, but the concept is the same for other database systems .
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now