Apostraphes in SQL String [RESOLVED]

I have been doing VB front ends for SQL for a few years now and somehow this never came up. I am writing data to a SQL table using an ExecuteNonQuery statement in VB.NET. The code is listed below:

Code:

---

Dim strCmd, strFrom, strSubject, strBody As String
Dim datDate As Date
strFrom = txtFrom.Text
strSubject = txtSubject.Text
strBody = txtBody.Text
datDate = lblDate.Text
strCmd = "INSERT INTO Mail (MailFrom, MailSubject, MailBody," & _
                "MailDate) VALUES('" & strFrom & "', '" & strSubject & _
                "', '" & strBody & "', '" & datDate & "')"
cmdMail.Connection = cnMail
cmdMail.CommandText = strCmd
cnMail.Open()
cmdMail.ExecuteNonQuery()
cnMail.Close()

---

The problem lies in that if a user uses an apostraphe in the subject (I.E."My wife's computer won't work"), then the INSERT command fails because SQL thinks that the embedded apostraphes signal the end of the string.

How can I make SQL ignore the apostraphes in the string?

Joe Cody
Allied Tube & Conduit

use Replace(strbody,"'","''")

You need to replace all single quotes in your hold variables with 2 single quotes.

Frank

That got it. Thanks a ton!