C# SQL Server Insert Embedded quotes
Posted on 2014-09-26
I want to do an insert into an SQL Server table but some of the variables have embeded quotes and commas
How do I insert variables that have embedded quotes and commas?
strContactName = Drake, Tree, Castles (has a comma)
strContactLocation = Tree's are Us (has a single quote)
When I try and Insert these I get an error how do I work around it.
sql = "insert into Contacts(ContactName, ContactLocation) ";
sql = sql + " values('" + strContactName + "'," + strContactLocation + "')";
cmdw.CommandText = sql;