Printable View
hi pals!!! i have an encryption/decryption method sometimes the encrypted string has a single quote like thisnow my problem is everytime I execute query to insert that string into my database it always gives me an error message sayingCode:E' å³
is there any posible solution for this? thanks in advance!!!Quote:
Incorrect syntax near 'åÂ'.
Unclosed quotation mark after the character string ')'.
How exactly are you inserting this data? Are you using parameters like you should be, or are you using string concatenation to build up a literal SQL statement?
im using string concatenation....
is there a better way to perform the above code?Code:encPswrd = RndCrypt(txtNewPassword.Text, txtNewUsername.Text.ToUpper());
qryStr = @"insert into users values('" + txtNewUsername.Text.ToUpper() + "','" + encPswrd + "','" + restriction + "')";
sqlCmd = new SqlCommand(qryStr, sqlConn);
sqlCmd.ExecuteNonQuery();
Using string concatenation to build SQL statements is a bad idea for several reasons and this is just one of them. Use parameters wherever possible.Code:qryStr = "INSERT INTO Users (UserName, EncPswrd, Restriction) VALUES (@UserName, @EncPswrd, @Restriction)";
sqlCmd = new SqlCommand(qryStr, sqlConn);
sqlCmd.Parameters.AddWithValue("@UserName", txtNewUsername.Text.ToUpper());
sqlCmd.Parameters.AddWithValue("@EncPswrd", encPswrd);
sqlCmd.Parameters.AddWithValue("@Restriction", restriction);
Ok..i'll try your example..thanks!!
great!!! it works! thanks!
Cool. Don't forget to resolve your thread from the Thread Tools menu.