i have a table of data that the user can enter into, the data type is set to "text" and has worked in some test so far, but when i type data in '' marks such as :
'text here'
it gives me an incorrect syntax error, is there a way around this? or is the '' charectors invalid? thanks John
A single quote is a string separator. So if your data has single quotes you might have to excape it with double quotes: example:Select'test''s'
|||Are you using parameters? If not, you should. It will help avoid this kind of problem. Others might suggest doubling the apostrophes, but while it works, that is not the answer.|||Mikesdotnetting:
Are you using parameters? If not, you should. It will help avoid this kind of problem. Others might suggest doubling the apostrophes, but while it works, that is not the answer.
Agreed.
||| parameters will stop me getting this error? awesome! thanks for your help John
I have an insert query which gives me a similar error, I cant see why its not working, the error is
A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$CommentBox="<b>test text</b>").
My code is :
Connection.Open();
SqlCommand InsertItem = new SqlCommand("INSERT INTO TestTable(Inserted) VALUES ('@.item')", Connection);
InsertItem.Parameters.Add("@.item", SqlDbType.VarChar).Value = Textbox1.Text;
InsertItem.ExecuteNonQuery();
Connection.Close();
I simply tryed to insert the text string <b>test text</b>
Thanks John
|||You dont need to put quotes if you are using parameterized queries.
SqlCommand InsertItem = new SqlCommand("INSERT INTO TestTable(Inserted) VALUES (@.item)", Connection);
thats awesome thanks, that answered every question i could come up with! haha John
No comments:
Post a Comment