Last post May 16, 2008 02:50 PM by Mikesdotnetting
May 15, 2008 07:29 PM|visliCom|LINK
I am getting following error when I try to insert my data in access database field type in access database is "memo". I think problem is with ' (Apostrophe) , how ro replace Apostrophe in C# asp.net 2.0. I am trying with
string prodescout = prodesc.Replace("'",
"" + (char)146);.
myOleDbCommand.CommandText = Strsql;
replace Apostrophe in C# asp.net access Syntax error (missing operator) in query expression
May 15, 2008 08:02 PM|smiling4ever|LINK
Better you use Parametrized queries and to avoid the ad-hoc queries because they can be miss used by the hackers (sql injection).
Use that for all the parameters shown above. This will solve your issue by the way :)
May 16, 2008 02:07 AM|Mikesdotnetting|LINK
Don't use Replace() to escape apostrophes:
May 16, 2008 11:58 AM|visliCom|LINK
single quotes c# replace
May 16, 2008 12:46 PM|visliCom|LINK
May 16, 2008 02:50 PM|Mikesdotnetting|LINK
how to replace single quotes (') in c#
string inprice = fprice.Replace("'","''");
I am not worried about security
Fair enough. But your customer or your boss will be. What's so hard about doing it properly?