|
-
Aug 19th, 2004, 09:24 AM
#1
Thread Starter
Lively Member
Apostraphes in SQL String [RESOLVED]
I have been doing VB front ends for SQL for a few years now and somehow this never came up. I am writing data to a SQL table using an ExecuteNonQuery statement in VB.NET. The code is listed below:
Code:
Dim strCmd, strFrom, strSubject, strBody As String
Dim datDate As Date
strFrom = txtFrom.Text
strSubject = txtSubject.Text
strBody = txtBody.Text
datDate = lblDate.Text
strCmd = "INSERT INTO Mail (MailFrom, MailSubject, MailBody," & _
"MailDate) VALUES('" & strFrom & "', '" & strSubject & _
"', '" & strBody & "', '" & datDate & "')"
cmdMail.Connection = cnMail
cmdMail.CommandText = strCmd
cnMail.Open()
cmdMail.ExecuteNonQuery()
cnMail.Close()
The problem lies in that if a user uses an apostraphe in the subject (I.E."My wife's computer won't work"), then the INSERT command fails because SQL thinks that the embedded apostraphes signal the end of the string.
How can I make SQL ignore the apostraphes in the string?
Joe Cody
Allied Tube & Conduit
Last edited by Daywalker46410; Aug 19th, 2004 at 01:08 PM.
Joe Cody
Data Integration Engineer
Novaspect, Inc.
Elk Grove Village, IL
-
Aug 19th, 2004, 09:48 AM
#2
Member
use Replace(strbody,"'","''")
You need to replace all single quotes in your hold variables with 2 single quotes.
Frank
-
Aug 19th, 2004, 01:08 PM
#3
Thread Starter
Lively Member
That got it. Thanks a ton!
Joe Cody
Data Integration Engineer
Novaspect, Inc.
Elk Grove Village, IL
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote