problem with single quote


daimous
Sep 3rd, 2006, 11:24 PM
Hi pals!!! I have an encryption/decryption method. Sometimes the encrypted string has a single quote, like this: E'εΒ³. Now my problem is that every time I execute a query to insert that string into my database, it always gives me an error message saying:
Incorrect syntax near 'εΒ'.
Unclosed quotation mark after the character string ')'.

Is there any possible solution for this? Thanks in advance!!!

jmcilhinney
Sep 3rd, 2006, 11:28 PM
How exactly are you inserting this data? Are you using parameters like you should be, or are you using string concatenation to build up a literal SQL statement?

daimous
Sep 4th, 2006, 12:10 AM
I'm using string concatenation....

encPswrd = RndCrypt(txtNewPassword.Text, txtNewUsername.Text.ToUpper());
qryStr = @"insert into users values('" + txtNewUsername.Text.ToUpper() + "','" + encPswrd + "','" + restriction + "')";
sqlCmd = new SqlCommand(qryStr, sqlConn);
sqlCmd.ExecuteNonQuery();


Is there a better way to perform the above code?

jmcilhinney
Sep 4th, 2006, 12:20 AM
Using string concatenation to build SQL statements is a bad idea for several reasons and this is just one of them. Use parameters wherever possible.

qryStr = "INSERT INTO Users (UserName, EncPswrd, Restriction) VALUES (@UserName, @EncPswrd, @Restriction)";
sqlCmd = new SqlCommand(qryStr, sqlConn);
sqlCmd.Parameters.AddWithValue("@UserName", txtNewUsername.Text.ToUpper());
sqlCmd.Parameters.AddWithValue("@EncPswrd", encPswrd);
sqlCmd.Parameters.AddWithValue("@Restriction", restriction);
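
Added example, not part of the original thread or any poster's code: the same failure and fix reproduced so it runs offline. It assumes Python's built-in sqlite3 as a stand-in for SQL Server (so the placeholder is `?` rather than `@Name` and the error text differs); the sample value, user name and helper names are constructed for illustration.

```python
import sqlite3

# Constructed sample: a ciphertext-like string containing a single quote,
# shaped like the value quoted in the thread.
ENC_PSWRD = "E'\u03b5\u0392\u00b3"

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (UserName TEXT, EncPswrd TEXT, Restriction TEXT)")
    return conn

def insert_concatenated(conn, user, enc, restriction):
    # The 'before' pattern: values are pasted into the SQL text, so the
    # quote inside `enc` ends the string literal early.
    qry = "insert into users values('" + user + "','" + enc + "','" + restriction + "')"
    conn.execute(qry)

def insert_parameterized(conn, user, enc, restriction):
    # The statement text is fixed; values travel separately and are never
    # parsed as SQL, so no escaping is needed.
    conn.execute(
        "INSERT INTO users (UserName, EncPswrd, Restriction) VALUES (?, ?, ?)",
        (user, enc, restriction),
    )

def stored_password(conn, user):
    row = conn.execute(
        "SELECT EncPswrd FROM users WHERE UserName = ?", (user,)
    ).fetchone()
    return row[0] if row else None

def demo():
    conn = make_db()
    concat_error = None
    try:
        insert_concatenated(conn, "ALICE", ENC_PSWRD, "admin")
    except sqlite3.OperationalError as exc:
        concat_error = str(exc)  # syntax error caused by the embedded quote
    insert_parameterized(conn, "ALICE", ENC_PSWRD, "admin")
    return concat_error, stored_password(conn, "ALICE")

if __name__ == "__main__":
    err, stored = demo()
    print("concatenated insert failed:", err)
    print("parameterized round trip intact:", stored == ENC_PSWRD)
```

The parameterized insert stores the value unchanged, quote included, which matters for a value that must later compare or decrypt exactly.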

daimous
Sep 4th, 2006, 12:33 AM
Ok.. I'll try your example.. thanks!!

daimous
Sep 4th, 2006, 02:50 AM
Great!!! It works! Thanks!

jmcilhinney
Sep 4th, 2006, 02:51 AM
Cool. Don't forget to resolve your thread from the Thread Tools menu.