Asp.net Insertion issue

4 replies
When I insert data with a single quote in it, it shows me an error while inserting data in SQL Server. I am using ASP.NET using C#.

Please advise.
#aspnet #insertion #issue
  • PHPSpaZ
    You cannot typically put quotes into a MySQL statement as actual values but you can use them to pass variables. Could you supply the bit of code you are having a problem with? Mainly the SQL statement? Thanks!
  • Earnie Boyd
    Ah, KirkMcD, you make it too easy. I wanted to wait and see the responses. :rolleyes:

    Also you need to make sure your inserted data isn't causing any SQL injections.
    • IMBotz
      Don't use single quotes in your query, it's an open invitation for SQL injection!

      Use this instead:
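      // Requires: using System.Data; using System.Data.SqlClient;
      using (SqlConnection con = new SqlConnection(connectionString))
      {
          // The query text refers to @Name; the value travels separately as a parameter.
          string cmdSQL = "your query";
          SqlCommand cmd = new SqlCommand(cmdSQL, con);
          cmd.CommandType = CommandType.Text;
          cmd.Parameters.Add("@Name", SqlDbType.NVarChar).Value = "some string";
          // ... add any further parameters the query uses, then run it
          con.Open();
          cmd.ExecuteNonQuery();
      }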

      Using parameters with SQLCommand is more secure.

      Learn more: SQLCommand and Parameters

      EDIT: OOPS, I thought the OP was talking about single quotes in the SQL query!
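The failure from the question and the parameterized fix suggested in the replies, side by side, as an added example that is not part of the thread. The Customers table, its Name column (assumed NVARCHAR(100)) and the DEMO_CONNECTION_STRING environment variable are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class QuoteInsertDemo
{
    // Hypothetical table and column, used only for this example.
    const string InsertSql = "INSERT INTO Customers (Name) VALUES (@Name)";

    // The failing pattern: the value is pasted into the SQL text, so a quote
    // inside the data ends the string literal early.
    static string BuildConcatenated(string name) =>
        "INSERT INTO Customers (Name) VALUES ('" + name + "')";

    // The fix: the SQL text is constant and the value is bound to @Name.
    static SqlCommand BuildParameterized(SqlConnection con, string name)
    {
        var cmd = new SqlCommand(InsertSql, con) { CommandType = CommandType.Text };
        // Explicit type and length; 100 is an assumed column size.
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
        return cmd;
    }

    static void Main()
    {
        string name = "O'Brien"; // constructed sample input

        // The quote in the data closes the literal after "O", leaving the
        // rest of the value as stray SQL that the server has to parse.
        Console.WriteLine(BuildConcatenated(name));

        // Assumption: the connection string comes from an environment variable.
        string cs = Environment.GetEnvironmentVariable("DEMO_CONNECTION_STRING");
        using (var con = new SqlConnection(cs ?? ""))
        using (var cmd = BuildParameterized(con, name))
        {
            // The command text never contains the data; the value rides in the parameter.
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine(cmd.Parameters["@Name"].Value);
            if (cs != null)
            {
                con.Open();
                Console.WriteLine(cmd.ExecuteNonQuery() + " row(s) inserted");
            }
        }
    }
}
```

Without the environment variable set, the program only prints the two command forms and never opens a connection.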
