tags:

views:

398

answers:

4
+2  Q: 

False Alarm: SqlCommand, SqlParameter and single quotes

Hello! I'm trying to fix single quote bug in the code:

std::string Index;

connection->Open();
String^ sTableName = gcnew String(TableName.c_str());
String^ insertstring = String::Format("INSERT INTO {0} (idx, rec, date) VALUES (@idx,    @rec, getdate())", sTableName);
SqlCommand^ command = gcnew SqlCommand(insertstring, connection);
String^ idx = gcnew String(Index.c_str());
command->Parameters->Add("@idx", SqlDbType::VarChar)->Value = idx;

The bug is that if idx="that's", the SQL fails saying that there is a syntax error. Obviously, the problem is in the quote. But some googling shows that using parameters is the way to work with quotes. And SqlParameter works well, if type is TEXT and not VARCHAR.

There are any solutions other than manually doubling number of quote symbols in the string?

Update: I tried to manually edit this field in SQL Management Studio and it didn't allow single quotes in VARCHAR field. It this normal in SQL?

A: 

If you are sure its a quotes prob then,

C# code:

idx = idx.Replace("'", "''");

would solve the problem.

Rashmi Pandit  2009-05-19 10:36:48
This is done automatically by SqlParameter
Nick Berardi  2009-05-19 10:41:27
Yes, that solves the problem, but it this the cleanest way to solve?And the error doesn't raise if the data type is TEXT(in another field) instead of VARCHAR.
Anton Kazennikov  2009-05-19 10:42:25
+1  A: 

To be honest I have never had a problem with SqlParameters. But try the following:

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparametercollection.addwithvalue.aspx

command->Parameters->AddWithValue("@idx", idx);

This should work and encode correctly for you.

Nick Berardi  2009-05-19 10:41:03
Unfortunately, this code doesn't work either.
Anton Kazennikov  2009-05-19 11:15:14
+2  A: 

I suspect the problem is either a quote getting in your table name, or that idx sounds more like the name of a number type than a character type.

Based on your update, I suggest you check for extra constraints on the table in management studio.

Joel Coehoorn  2009-05-19 11:44:09
No, I checked the table --- it is a VARCHAR
Anton Kazennikov  2009-05-19 12:01:36
Thanks! That solved the problem! There was offending triggers for that SQL table.
Anton Kazennikov  2009-05-19 12:52:21
A: 

Sorry.

The problem was in SQL trigger's code. After removing them, all worked fine.

Anton Kazennikov  2009-05-19 12:50:48

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?