txtname.Text.Trim().Replace("'", "' + char(39) + '")
the above statement is not working for stored procedure
views:
953answers:
3if i build sql manually it's working fine bbut if i use parameters it will not work
2009-04-22 10:48:45
Then you are doing it wrong. Doing it manually is guaranteed to make your code vurnerable for sql injection attacks and will cause problems with special characters like quotes and special data like dates. Tell us more about your enviroment and your code. Then we can give you more precise suggestions on how to fix the problem.
Rune Grimstad
2009-04-22 12:48:33
A:
You can find a solution here. Theres a guide how to use the Parameters or how to escape the single quote by hand.
Hope this helps..
Martin Lazar
2009-04-22 10:44:53
+3
A:
What are you trying to do? If you want to make the string "safe" for embedding in an SQL query, you might want this instead:
txtname.Text.Trim().Replace("'", "''")
...but I would strongly encourage you to use a parameter instead, if possible. Then you don't need to bother about the single quotes.
Fredrik Mörk
2009-04-22 10:45:06