I have been doing VB front ends for SQL for a few years now and somehow this never came up. I am writing data to a SQL table using an ExecuteNonQuery statement in VB.NET. The code is listed below:
The problem lies in that if a user uses an apostrophe in the subject (i.e. "My wife's computer won't work"), then the INSERT command fails because SQL thinks that the embedded apostrophes signal the end of the string.

Code:
    Dim strCmd, strFrom, strSubject, strBody As String
    Dim datDate As Date

    strFrom = txtFrom.Text
    strSubject = txtSubject.Text
    strBody = txtBody.Text
    datDate = lblDate.Text

    strCmd = "INSERT INTO Mail (MailFrom, MailSubject, MailBody," & _
        "MailDate) VALUES('" & strFrom & "', '" & strSubject & _
        "', '" & strBody & "', '" & datDate & "')"

    cmdMail.Connection = cnMail
    cmdMail.CommandText = strCmd
    cnMail.Open()
    cmdMail.ExecuteNonQuery()
    cnMail.Close()

How can I make SQL ignore the apostrophes in the string?
Joe Cody
Allied Tube & Conduit
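
An added example, not part of the original post: the same INSERT written with bound parameters, so an apostrophe in the subject is stored as data instead of ending the SQL string. It assumes SQL Server through System.Data.SqlClient; the module and function names, the column types and sizes, and the sample values are assumptions made for illustration.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient

Module ParameterizedMailInsert
    ' Builds the INSERT with placeholders; user text is bound as parameter
    ' values and is never concatenated into the SQL string.
    Function BuildInsert(sender As String, subject As String,
                         body As String, sent As Date) As SqlCommand
        Dim cmd As New SqlCommand(
            "INSERT INTO Mail (MailFrom, MailSubject, MailBody, MailDate) " &
            "VALUES (@From, @Subject, @Body, @Date)")
        ' Column types and sizes are assumptions; match them to the Mail table.
        cmd.Parameters.Add("@From", SqlDbType.NVarChar, 255).Value = sender
        cmd.Parameters.Add("@Subject", SqlDbType.NVarChar, 255).Value = subject
        cmd.Parameters.Add("@Body", SqlDbType.NVarChar, -1).Value = body
        cmd.Parameters.Add("@Date", SqlDbType.DateTime).Value = sent
        Return cmd
    End Function

    ' Runs the command; connStr is supplied by the caller.
    Function SaveMail(connStr As String, cmd As SqlCommand) As Integer
        Using cn As New SqlConnection(connStr)
            cmd.Connection = cn
            cn.Open()
            Return cmd.ExecuteNonQuery()
        End Using
    End Function

    Sub Main()
        ' Constructed sample input containing apostrophes.
        Dim cmd = BuildInsert("joe@example.com", "My wife's computer won't work",
                              "It won't boot.", Date.Now)
        ' The SQL text holds only placeholders; the values travel separately.
        Console.WriteLine(cmd.CommandText)
        For Each p As SqlParameter In cmd.Parameters
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value)
        Next
        ' With a real connection string: SaveMail("<connection string>", cmd)
    End Sub
End Module
```

In the form code from the post, the call would pass txtFrom.Text, txtSubject.Text, txtBody.Text and the parsed date to BuildInsert in place of the concatenated strCmd.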



