Solved

VB.NET App with SQL SELECT WHERE and Single Quote in Field

Posted on 2014-03-19
5
773 Views
Last Modified: 2014-03-19
I have the following code in a VB.NET Web Form app that searches for names in a FileTable:
Dim connectionString As String = "Data Source=AV-W12-ROMS-1;Initial Catalog=RESUMES;Integrated Security=True"
Dim sql As String = ""
Dim connection As New SqlConnection(connectionString)
Dim cmd As New SqlCommand
sql = "SELECT IsNull(COUNT(1),0) as 'count' FROM RESUMES.dbo.ftbl_resume_files WHERE CONTAINS([name],'" + search_name + "')"
connection.Open()
cmd.Connection = connection
cmd.CommandText = sql
name_count = cmd.ExecuteScalar()
connection.Close()

Open in new window

I ran into an error when one of the search_name field values was O'leary because of the single quote.  How can I avoid it but include it in the search?
0
Comment
Question by:wchestnut
  • 2
  • 2
5 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39940966
How about enclosing it between "" instead of '':
sql = "SELECT IsNull(COUNT(1),0) as 'count' FROM RESUMES.dbo.ftbl_resume_files WHERE CONTAINS([name],""" + search_name + """)"

Open in new window

HTH,
Dan
0
 

Author Comment

by:wchestnut
ID: 39940986
No, that didn't work... SQL didn't like the double-quotes.
New-SQL-String-Value.jpg
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39940996
Yeah, it's confusing. Try this:

sql = "SELECT IsNull(COUNT(1),0) as 'count' FROM RESUMES.dbo.ftbl_resume_files WHERE CONTAINS([name],""" + search_name + """ + ")"

Open in new window

0
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 500 total points
ID: 39941007
If you're using inline SQL then you need to escape the single apostrophe with a double apostrophe:
sql = "SELECT IsNull(COUNT(1),0) as 'count' FROM RESUMES.dbo.ftbl_resume_files WHERE CONTAINS([name],'" + search_name.Replace("'", "''") + "')"

Open in new window

Although a parameterised query would be a neater, and safer, option.
0
 

Author Closing Comment

by:wchestnut
ID: 39941012
Thanks, Carl!  That worked perfectly!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Everyone has problem when going to load data into Data warehouse (EDW). They all need to confirm that data quality is good but they don't no how to proceed. Microsoft has provided new task within SSIS 2008 called "Data Profiler Task". It solve th…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now