tags:

views:

499

answers:

3
Q: 

Linq to SQL - double quote issue

I have a problem wherein if I have a text area in ASP.NET and enter 2 double quotes at the very end of the sentence, I get a error in my sql statement. I have traced thru the sql profiler but with no luck.

eg. The lazy fox jump over the dog"". This fails....

""The "lazy" fox jumps over the dog. This seems fine

Any pointers most welcome

+3  A: 

Are you concatenating your user input into the SQL statement directly? If so, that's almost certainly the problem.

If you use a parameterised SQL statement instead (i.e. send the user data as a parameter rather than directly in the SQL) it should be fine. That way you also guard against SQL injection attacks...

Jon Skeet  2009-03-17 15:41:32
+1  A:  
0x3A28213A 
0X6339392C 
0X7363682E
Telos  2009-03-17 15:41:49
Plagiarized from XKCD, of course...
Telos  2009-03-17 15:42:22
That'll be the problem then! Maybe he's using x64, so those 32-bit pointers won't work... <g>
Marc Gravell  2009-03-17 15:50:20
+3  A: 

You should probably post the exact error message (and if possible, illustrative code). Also - note that with LINQ-to-SQL, you don't need the sql profiler to see the trace:

ctx.Log = Console.Out; // job done
Marc Gravell  2009-03-17 15:48:02

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps