It looks like this:
cmd=new sqlcommand("insert into tblname values('" & textbox1.text & "')",cn)
cmd.executereader
The problem is that if I type a single quote or double quote, an error is thrown: invalid syntax ...
How can I sort it out without using a SQL stored procedure?
Thanks in advance.
PrasantH
Hi,
Try replacing the single quotes present in your input with double single quotes ... example below:
string sqlInput = textbox1.Text.Replace("'", "''");
In the above code, what I have done is replace all single quotes (') with two single quotes (''). The SQL database will store a single quote when it encounters two single quotes in your query. Hope this solves your issue.
CreProDes|||You don't have to worry about it if you use parameterized queries.
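
The parameterized query mentioned in the last reply, written out in VB.NET as an added example (not code from any poster in this thread). The connection string, the column name col1 and the NVARCHAR(200) size are assumptions; tblname comes from the question.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedInsertExample

    ' Assumed connection string; replace with your own server and database.
    Private Const ConnectionString As String =
        "Server=localhost;Database=ExampleDb;Integrated Security=True"

    ' Inserts one value into tblname. The text travels as a typed parameter,
    ' so quotes inside it are stored as data and are never parsed as SQL.
    Function InsertValue(cn As SqlConnection, userText As String) As Integer
        ' "col1" is an assumed column name; the original post does not name it.
        Const sql As String = "INSERT INTO tblname (col1) VALUES (@value)"
        Using cmd As New SqlCommand(sql, cn)
            ' Explicit type and size (assumed NVARCHAR(200)); match these to the
            ' real column so the value is not silently truncated.
            cmd.Parameters.Add("@value", SqlDbType.NVarChar, 200).Value = userText
            ' ExecuteNonQuery is the call for INSERT; it returns the rows affected.
            Return cmd.ExecuteNonQuery()
        End Using
    End Function

    Sub Main()
        ' Constructed sample inputs containing single and double quotes.
        Dim samples As String() = {"O'Brien", "say ""hello""", "it's a ""test"""}
        Using cn As New SqlConnection(ConnectionString)
            cn.Open()
            For Each s As String In samples
                Dim rows As Integer = InsertValue(cn, s)
                Console.WriteLine("{0} row(s) inserted for: {1}", rows, s)
            Next
        End Using
    End Sub

End Module
```

In the original form handler, the equivalent call would be InsertValue(cn, textbox1.Text) with no Replace step on the input.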