bound controls and special characters

  • Question

  • User-511995934 posted

    I have a form which has a field "company name" - if the user enters a name with an apostrophe and/or an ampersand (&) - how should I code my SQL insert/update statements so that they insert the right thing into SQL Server so that later, when I bind my label control to my SQL data source, it will work?

    For example, I've tried this:

    Dim strCompanyName As String = Replace(txtCompanyName.Text, "'", "''")
    strCompanyName = Replace(txtCompanyName.Text, "&", "&")
    SqlDataSource3.UpdateCommand = "update company set companyname = '" & strCompanyName & "'"

     

    but it doesn't work

     

    Thursday, February 2, 2012 4:40 PM

Answers

  • User3866881 posted

    Hello:)

    Try to use SqlParameter instead:

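    ' Requires: Imports System.Data.SqlClient
    Using conn As New SqlConnection("……")
        Using cmd As New SqlCommand("update company set companyname=@companyname", conn)
            ' The value travels as a parameter, so ' and & need no escaping
            cmd.Parameters.AddWithValue("@companyname", "'aaa&bbb'")
            conn.Open() ' the connection must be open before ExecuteNonQuery
            cmd.ExecuteNonQuery()
        End Using
    End Using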
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, February 3, 2012 9:55 PM
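The same parameter approach applied to the SqlDataSource control from the question, as an added example that is not code from either poster. It assumes a code-behind page whose markup declares txtCompanyName and SqlDataSource3 (names from the question) plus a button btnSave and a label lblCompanyName (hypothetical names), and it keeps the question's update statement unchanged.

```vbnet
Imports System.Web.UI.WebControls

Partial Class CompanyEdit ' hypothetical page class name
    Inherits System.Web.UI.Page

    ' btnSave and lblCompanyName are assumed controls; txtCompanyName and
    ' SqlDataSource3 are the controls named in the question.
    Protected Sub btnSave_Click(sender As Object, e As EventArgs) Handles btnSave.Click
        ' Statement from the question, with a placeholder where the
        ' concatenated text used to be.
        SqlDataSource3.UpdateCommand = "update company set companyname = @companyname"

        ' SqlDataSource adds the "@" prefix itself, so the parameter is
        ' registered without it. Clear first so a second click does not
        ' add a duplicate parameter.
        SqlDataSource3.UpdateParameters.Clear()
        SqlDataSource3.UpdateParameters.Add("companyname", txtCompanyName.Text)

        ' The raw text (for example: O'Brien & Sons) is stored unchanged.
        ' No Replace() calls: the value is never parsed as SQL.
        Dim rowsAffected As Integer = SqlDataSource3.Update()

        ' Encode for HTML only at output time. Label.Text is written to the
        ' page as-is, so & must become &amp; in the markup to display as &.
        If rowsAffected > 0 Then
            lblCompanyName.Text = Server.HtmlEncode(txtCompanyName.Text)
        End If
    End Sub
End Class
```

Storing the unmodified text and encoding only when rendering keeps the database value usable by any other consumer, and the apostrophe no longer has any effect on the SQL statement.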