locked
quotation mark RRS feed

  • Question

  • User59162070 posted

    Since we should place the string terms between quotation mark in INSRET statement, so the end-user cannot use of quotation mark.

    When I use of quotation mark in the HTML Editor, then my INSERT statement throws an exeption.

    How can i solve this bug?

    Sunday, October 11, 2009 6:11 AM

Answers

All replies

  • User455390698 posted

    this normally happens whe you use inline sql, so you will need to use a clean string function like replace :

     mySql.ToString().Replace("'", "");


    But you you should try and use Parameters:

    http://aspnet101.com/aspnet101/tutorials.aspx?id=1 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, October 11, 2009 10:03 AM
  • User59162070 posted

    Thanks a lot,

    My problem has been solved.


    string SqlString = "INSERT INTO News(Text)VALUES(@UserText)";

    cmd.Parameters.Add("@UserText", SqlDbType.NVarChar).Value = UserText;

    Sunday, October 11, 2009 12:49 PM