I have the following code in a VB.NET Web Form app that searches for names in a FileTable:
Dim connectionString As String = "Data Source=AV-W12-ROMS-1;Initial Catalog=RESUMES;Integrated Security=True"
Dim sql As String = ""
Dim connection As New SqlConnection(connectionString)
Dim cmd As New SqlCommand
sql = "SELECT IsNull(COUNT(1),0) as 'count' FROM RESUMES.dbo.ftbl_resume_files WHERE CONTAINS([name],'" + search_name + "')"
cmd.Connection = connection
cmd.CommandText = sql
name_count = cmd.ExecuteScalar()
I ran into an error when one of the search_name
field values was O'leary
because of the single quote. How can I avoid it but include it in the search?