|
-
May 9th, 2007, 06:56 PM
#1
Thread Starter
Hyperactive Member
Troublesome SQL insert statements
What charectors / words are not allowed in an INSERT statement (or any statement for that matter).for example.
Code:
strInsertStatement = "INSERT INTO tblTable values('" & string1 & "','" & string2 & "','" & string3 & "')"
what charectors and or words must be striped from the string1,2,3 variables to ensure I do not get errors, I am having problems inserting ID3 comments into a database and quite often they contain various charectors that only a clown would type, and it even appears that sometimes the people who wrote the tags wrote them deliberatly in such way that problems would be encountered...
Is there a way to not worry about what the strings contain, because its giving me a headache, it would be good if there was a charector for sql statements that indicates the following text in the statement is a variable to use rather than part of the instructional statement itself, I dont know of this, but it would make it good for doing things like storing querys in a database.
I want to do as little validation as possible as the app will usually insert between 1000 and 10'000 rows, and each row has about 13 collumns, so that would leave the user with quite a wait before being able to use all of this data.
thanks in advance
-
May 9th, 2007, 07:02 PM
#2
Re: Troublesome SQL insert statements
You are not the only one who does this so this is not directed at you specifically but I'm seriously sick of posting this: do NOT use string concatenation to build SQL statements. If you do it properly and use parameters then you don't even have to think about illegal characters because there are none:
VB.NET Code:
Dim myCommand As New SqlCommand
myCommand.CommandText = "INSERT INTO MyTable (Column1, Column2, Column3) VALUES (@Column1, @Column2, @Column3)"
myCommand.Parameters.AddWithValue("@Column1", string1)
myCommand.Parameters.AddWithValue("@Column2", string2)
myCommand.Parameters.AddWithValue("@Column3", string3)
There are several reasons to use parameters and this is only one of them.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|