|
-
Oct 4th, 2006, 04:30 PM
#1
Thread Starter
New Member
how to wrote ' inside string in VB.net
Dim strSQL As String = "Select * from Doctors where first_name= '" & First_name.Text & "' and last_name= '" & Last_name.Text & "' "
Dim da As SqlDataAdapter = New SqlDataAdapter(strSQL, DBConn)
Dim ds As DataSet = New DataSet
da.Fill(ds)
My problem is: Last_name may contain ', for example O'Brien
the query will fail. strSQl= "select * from Doctors where last_name=O'Brien"
how can I wrote ' inside the string? for my textbox : Last_name.Text
it may contain ', what 's correct syntax to write my query?
Thanks!
-
Oct 4th, 2006, 04:39 PM
#2
Re: how to wrote ' inside string in VB.net
Instead of ', you can write chr(39). 39 is the ASCII value of '
-
Oct 4th, 2006, 04:40 PM
#3
Re: how to wrote ' inside string in VB.net
VB Code:
Dim sqlCmd As New SqlClient.SqlCommand("Select * from Doctors where first_name=@First and last_name=@Last")
sqlCmd.Parameters.Add("@First", First_name.Text)
sqlCmd.Parameters.Add("@Last", Last_name.Text)
-
Oct 4th, 2006, 04:43 PM
#4
Thread Starter
New Member
Re: how to wrote ' inside string in VB.net
thanks for your reply.
but How can I write query? strSQL="select * from Doctors where last_name=
' " & Last_name.text & " ' "
Last_name.text is the texbox value. sometimes it may contain ', how can I do it? Thanks!
-
Oct 4th, 2006, 04:54 PM
#5
Thread Starter
New Member
Re: how to wrote ' inside string in VB.net
sorry, I did not see last reply. It works. I appreciated your help. Thanks!
-
Oct 4th, 2006, 05:47 PM
#6
Re: how to wrote ' inside string in VB.net
Just one point to note: if you're using VB 2005 it will be AddWithValue rather than Add. Please specify your version in future threads. Also, don't forget to resolve your thread from the Thread Tools menu if your question has been answered.
-
Oct 4th, 2006, 06:04 PM
#7
Re: how to wrote ' inside string in VB.net
And just for future reference your problem is a SQL problem, not a VB problem. To get around this, you can simply replace all single quotes, with two single quotes. So in your example, O'Brien would be inserted as O''Brien, and the SQL statement would work.
To do it in your code, it is as simple as:
VB Code:
Dim strSQL As String = "Select * from Doctors where first_name= '" & First_name.Text.Replace("'","''") & "' and last_name= '" & Last_name.Text.Replace("'","''") & "' "
-
Oct 5th, 2006, 02:30 AM
#8
Re: how to wrote ' inside string in VB.net
 Originally Posted by Negative0
And just for future reference your problem is a SQL problem, not a VB problem. To get around this, you can simply replace all single quotes, with two single quotes. So in your example, O'Brien would be inserted as O''Brien, and the SQL statement would work.
To do it in your code, it is as simple as:
This is not a good idea. Using Parametrized queries is the proper and correct solution.
Use [code] source code here[/code] tags when you post source code.
My Articles
-
Oct 5th, 2006, 05:47 AM
#9
Fanatic Member
Re: how to wrote ' inside string in VB.net
Instead of handling single quotes in dynamically built SQL statements I'd recomment using the SqlCommand object and set the parameter values. If this is not feasible then a function like below might help.
VB Code:
' This should be in a Utils class and invoked as Utils.HandleQuote("O'Brien")
public shared Function HandleQuote(byval data as string) As String
' replace single occurrences of single quote with two single quotes
' For O'Brien function will return 'O''Brien'
Return "'" & String.Replace(data, "'", "''") & "'"
End Function
Using VB.NET 2003/.NET 1.1/C# 2.0
http://del.icio.us/rajoo
Blow your mind, smoke gunpowder
Ashes to ashes, dust to dust
If God won't have you, the devil will. - Author unknown
Don't follow me, I'm lost too ...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
