I don't know how many times I have had to face the single quote problem during my day-to-day programming tasks. When you pass any character or varchar data to SQL Server, you have to be very careful if your data contains single quotes. You have to replace (') with ('') so SQL Server can understand it properly. But this is not always the best way, because when you insert data you have to convert it to ('') and when you read it back you again have to replace ('') with ('). Finally, I found that the most efficient way to deal with this type of problem is to use Command/Parameters to execute your query or stored procedure.

For example, the following statement might fail if someone enters a code name with a single quote in it, because the quote ends the string literal early:

' User input is concatenated straight into the SQL text
cmd.CommandText = "select count(*) from codemaster where code ='" & txtCode.Text & "'"
ret = cmd.ExecuteScalar()

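But if you use the following statement, it will execute without any error. The value is sent as a parameter, separate from the SQL text, so a quote inside it is never parsed as part of the statement; that same separation is what keeps user input from changing the query (SQL injection).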

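' The SQL text contains only a placeholder; the value is bound separately
cmd.CommandText = "select count(*) from codemaster where code=@codename"
' AddWithValue replaces the older, now-obsolete Parameters.Add(name, value) overload
cmd.Parameters.AddWithValue("@codename", txtCodeName.Text)
ret = cmd.ExecuteScalar()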
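The same failure and fix as an added example, not code from the original page: it uses Python's built-in sqlite3 with an in-memory table in place of the page's VB.NET command and SQL Server, so it runs without a server. The sample rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the page's codemaster table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE codemaster (code TEXT)")
    # Parameterized insert: values are stored as typed, no '' doubling needed.
    db.executemany("INSERT INTO codemaster (code) VALUES (?)",
                   [("A100",), ("O'Brien",)])
    return db

def count_concatenated(db, code):
    """The page's first form: user text is spliced into the SQL string."""
    sql = "select count(*) from codemaster where code ='" + code + "'"
    return db.execute(sql).fetchone()[0]

def count_parameterized(db, code):
    """The page's second form: the value travels separately from the SQL text."""
    sql = "select count(*) from codemaster where code = ?"
    return db.execute(sql, (code,)).fetchone()[0]

def concat_outcome(db, code):
    """Return the count, or the error text if the statement fails to parse."""
    try:
        return count_concatenated(db, code)
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

def stored_codes(db):
    """Read the values back to show they come out exactly as they went in."""
    return [row[0] for row in
            db.execute("SELECT code FROM codemaster ORDER BY code")]

if __name__ == "__main__":
    db = make_db()
    for code in ("A100", "O'Brien"):
        print(repr(code),
              "| concatenated ->", concat_outcome(db, code),
              "| parameterized ->", count_parameterized(db, code))
    print("stored:", stored_codes(db))
```

With parameters, the value containing a quote is found and reads back unchanged, so no replace step is needed on either the write or the read path.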


Submitted By : Nayan Patel  (Member Since : 5/26/2004 12:23:06 PM)

Job Description : He is the moderator of this site and is currently working as an independent consultant. He works with VB.net/ASP.net, SQL Server and other MS technologies. He is MCSD.net, MCDBA and MCSE. In his free time he likes to watch funny movies and do oil painting.



© 2008 BinaryWorld LLC. All rights reserved.