quoted string not properly terminated

Posted on 2011-04-19
Last Modified: 2012-05-11
Have an excel file I am importing into an Oracle database using a small C# application only problem is that if someone sticks an apostrophe in there it kills the entire process. I am doing an insert to a temp table and then using a package to do the final insert.  Suggestions?

below is where I am parsing through the excel. The issue happens with the comments column.
while ((line = sr.ReadLine()) != null)
                    cnt2 += 1;
                    row = line.Split(',');
                    ExternalAcct = row[2];
                    FirstCompDate = row[3];
                    LastCompDate = row[4];
                    CompCode = TranCompCode(row[5]);
                    Comments = row[20].Replace("'","");

                    if (ExternalAcct != "" && is_date(FirstCompDate) && is_date(LastCompDate) && CompCode != "")
                        // set up Oracle reader ---------------------
                        cnt += 1;
                        OraCmd.CommandText = "Insert into CIRC.TH_STC_Temp Values ("
                                           + cnt.ToString()
                                           + ", 0"
                                           + ", '" + CompCode
                                           + "', to_date('" + FirstCompDate + "','YYYYMMDD')"
                                           + ", to_date('" + LastCompDate + "','YYYYMMDD')"
                                           + ",'" + ExternalAcct
                                           + "', '" + row[5] 
                                           + "', '" + row[20] + "')";

Open in new window

Question by:mtnseeker
    LVL 25

    Accepted Solution

    Before adding your apostrophe's, use the escape. escape a single quote, simply add another single quote.
    LVL 25

    Expert Comment

    by:Ron M

    Comments = row[20].Replace("'","''");

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    ASP.NET MVC site showing code blocks 3 47
    SQL QUERY to Table question 32 60
    using Access 8 41
    How does CurrentUser work? 10 14
    Most everyone who has done any programming in VB6 knows that you can do something in code like Debug.Print MyVar and that when the program runs from the IDE, the value of MyVar will be displayed in the Immediate Window. Less well known is Debug.Asse…
    Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
    As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
    Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now