Asp.net Insertion issue

When I insert data with a single quote in it, it shows me an error while inserting data in SQL Server. I am using ASP.NET with C#.

Please advise.
#programming #aspnet #insertion #issue
  • You cannot typically put quotes into a MySQL statement as actual values, but you can use them to pass variables. Could you supply the bit of code you are having a problem with? Mainly the SQL statement? Thanks!
  • Ah, KirkMcD, you make it too easy. I wanted to wait and see the responses. :rolleyes:

    Also, you need to make sure your inserted data isn't causing any SQL injections.
    • Don't use single quotes in your query, it's an open invitation for SQL injection!

      Use this instead:
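      // Requires: using System.Data; using System.Data.SqlClient;
      using (SqlConnection con = new SqlConnection(connectionString))
      {
          // The query text names the value as @Name instead of quoting it inline.
          string cmdSQL = "your query";
          SqlCommand cmd = new SqlCommand(cmdSQL, con);
          cmd.CommandType = CommandType.Text;
          // The value is bound to the parameter and sent separately from the SQL text.
          cmd.Parameters.Add("@Name", SqlDbType.NVarChar).Value = "some string";
          ...
      }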

      Using parameters with SQLCommand is more secure.

      Learn more: SQLCommand and Parameters

      EDIT: OOPS, I thought the OP was talking about single quotes in the SQL query!
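
The failure described in the question and the parameterized fix from the reply, side by side, as an added example that is not code from any of the posters. It assumes the INSERT was being built by string concatenation; the table `dbo.Customers`, its `Name` column, the `DEMO_DB` environment variable and the sample value are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class QuoteInsertDemo
{
    // Fragile pattern: the value is pasted between single quotes in the SQL text,
    // so a quote inside the value ends the string literal early.
    static string BuildConcatenated(string name)
    {
        return "INSERT INTO dbo.Customers (Name) VALUES ('" + name + "')";
    }

    // Parameterized pattern: the SQL text is constant and the value is bound to
    // @Name, so the server never parses the value as part of the statement.
    static SqlCommand BuildParameterized(SqlConnection con, string name)
    {
        var cmd = new SqlCommand(
            "INSERT INTO dbo.Customers (Name) VALUES (@Name)", con);
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = name;
        return cmd;
    }

    static void Main()
    {
        string name = "O'Brien"; // constructed sample input containing a single quote

        // Show the statement text the concatenated version would send: the
        // literal closes after "O" and the remainder is read as SQL.
        Console.WriteLine("Concatenated: " + BuildConcatenated(name));

        // Hypothetical: connection string supplied through an environment variable.
        string connectionString = Environment.GetEnvironmentVariable("DEMO_DB");
        if (string.IsNullOrEmpty(connectionString))
        {
            Console.WriteLine("Set DEMO_DB to run the parameterized insert.");
            return;
        }

        using (var con = new SqlConnection(connectionString))
        using (var cmd = BuildParameterized(con, name))
        {
            con.Open();
            int rows = cmd.ExecuteNonQuery();
            Console.WriteLine("Parameterized insert affected " + rows + " row(s).");
        }
    }
}
```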
