Link to home
Start Free TrialLog in
Avatar of CarlCCTVSI
CarlCCTVSIFlag for Afghanistan

asked on

how can I write a \ to a mysql field via vb.net

I have a variable IniLoc which is populated from a datagridview, the result being "D:\FTPROOT\FRED"  Thats no problem.

Later on in my code I want to write this back to my database and I use         myCommand.Connection = conn
myCommand.CommandText = "INSERT INTO `incidentmon` (`Subject`, `IncidentDate`, `IncidentFolder`,`Status` ) VALUES ('" & Subject & "', '" & NewDate & "', '" & IniLoc & "\" & Subject & "', 'Processing');"

subject = Test for this example.

And sure enough it writes back to the database, however, the IniLoc field that is written back appears as
"D:FTPROOTFREDTest"

How can I get it to write back including the \'s in the right places?
ASKER CERTIFIED SOLUTION
Avatar of Daniel Reynolds
Daniel Reynolds
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
or use parameters instead of building the SQL like this ad-hoc.
using parameters will also avoid sql injection. ...
Avatar of CarlCCTVSI

ASKER

Thanks folks,

I get the idea os using the \\'s that not a problem, however, the string comes from somewhere else and only contains single \'s.  Any ideas how I can turn my \'s in the string to \\'s in the string ?

(so it goes from D:\FTPROOT\FRED to D:\\FTPROOT\\FRED)
Thanks Again,

I've cracked it.  Simple case of useing another string and replacing the \ with a \\

string2 = string1.replace("\" , "\\")

Did the job.
though this is a simple method to solve the \ problem, you will run into sql injection sooner or later:
http://www.google.lu/search?q=sql+injection&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

for your own safety, better change to SqlCommand + SqlParameter programming:
http://www.csharp-station.com/Tutorials/AdoDotNet/Lesson06.aspx
presuming you work with SQL Server database, but the concept is the same for other database systems .