  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 212

C# SQL Server Insert Embedded quotes

I want to do an insert into an SQL Server table, but some of the variables have embedded quotes and commas.

How do I insert variables that have embedded quotes and commas?

Example

strContactName = Drake, Tree, Castles  (has a comma)
strContactLocation = Tree's are Us   (has a single quote)

When I try to insert these I get an error. How do I work around it?

sql = "insert into Contacts(ContactName, ContactLocation) ";
sql = sql + " values('" + strContactName + "'," + strContactLocation + "')";
cmdw.CommandText = sql;
0
Asked by: Idarac
1 Solution
 
Robert Schutt (Software Engineer) Commented:
The simplest way to do this is to double up single quotes in string values (commas shouldn't be a problem; note the syntax error in your posted code: a missing quote after the comma in the value list).
sql = sql + " values('" + strContactName.Replace("'", "''") + "', '" + strContactLocation.Replace("'", "''") + "')";


However, you may want to look into using Command parameters, as that's the better way to do this:
            sql = "insert into Contacts(ContactName, ContactLocation) ";
            sql = sql + " values(@ContactName, @ContactLocation)";
            cmdw.CommandText = sql;
            cmdw.Parameters.Add(new SqlParameter("@ContactName", strContactName));
            cmdw.Parameters.Add(new SqlParameter("@ContactLocation", strContactLocation));
            cmdw.ExecuteNonQuery();


Now you don't have to mess with the value of your variables. Also, if you ever have to insert multiple records in the same table you don't have to change the CommandText each time, just set new values for the parameter objects and it will be faster and more efficient.
0
 
käµfm³d 👽 Commented:
I second the use of parameterized queries. Using string concatenation to build queries opens you up to SQL Injection attacks.
0
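An added example, not code from any of the posters above: the parameterized insert from the answers, extended to several rows so that one command is reused with new parameter values and the input is never concatenated into the SQL text. The names `ContactWriter` and `InsertContacts`, the placeholder connection string, the NVARCHAR(100) sizes and the second sample row are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient; // Microsoft.Data.SqlClient exposes the same types

static class ContactWriter   // hypothetical helper, not from the thread
{
    // Column sizes (NVARCHAR(100)) are assumed; match them to the real Contacts schema.
    public static int InsertContacts(SqlConnection conn,
        IEnumerable<(string Name, string Location)> contacts)
    {
        // The SQL text is a constant: no user-supplied value is ever spliced into it.
        const string sql =
            "insert into Contacts(ContactName, ContactLocation) " +
            "values(@ContactName, @ContactLocation)";

        int rows = 0;
        using (SqlTransaction tx = conn.BeginTransaction())
        using (var cmd = new SqlCommand(sql, conn, tx))
        {
            // Declare each parameter once, with an explicit type and length.
            SqlParameter name = cmd.Parameters.Add("@ContactName", SqlDbType.NVarChar, 100);
            SqlParameter location = cmd.Parameters.Add("@ContactLocation", SqlDbType.NVarChar, 100);

            foreach (var c in contacts)
            {
                // Values travel as data, so quotes and commas need no escaping.
                name.Value = (object)c.Name ?? DBNull.Value;
                location.Value = (object)c.Location ?? DBNull.Value;
                rows += cmd.ExecuteNonQuery();
            }
            tx.Commit(); // an exception before this line rolls the whole batch back
        }
        return rows;
    }

    static void Main()
    {
        // Placeholder connection string; replace with your own server and database.
        const string connStr = "Server=YOUR_SERVER;Database=YOUR_DB;Integrated Security=true";
        var sample = new List<(string, string)>   // constructed sample rows
        {
            ("Drake, Tree, Castles", "Tree's are Us"),
            ("O'Neil, \"Quoted\" Co.", "Line with 'two' quotes, and a comma"),
        };
        using (var conn = new SqlConnection(connStr))
        {
            conn.Open();
            Console.WriteLine(InsertContacts(conn, sample) + " row(s) inserted");
        }
    }
}
```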
 
Idarac (Author) Commented:
Thank you
0
