pitaridis
Well-known member
- Joined
- Nov 18, 2005
- Messages
- 63
- Programming Experience
- 10+
I have a project which allow the user to insert and update the records of the database. I use the following SQL Command in order to insert a new record in the database.
The problem is that when a user types the ' character, this has as a result the progam to stop because of an SQL syntax error.
I read that this problem can be solved if I change the ' character with two of them. I changed my code to be like the one below.
The problem is that the program keep stop when I use the ' character. Can someone suggest a working function which solves this problem?
VB.NET:
Dim SQLInsertCommand As String = "Insert into Students (Surname, Address) values('" & txtSurname.Text & "','" & txtAddress.Text & "')"The problem is that when a user types the ' character, this has as a result the progam to stop because of an SQL syntax error.
I read that this problem can be solved if I change the ' character with two of them. I changed my code to be like the one below.
VB.NET:
Dim SQLInsertCommand As String = "Insert into Students (Surname, Address) values('" & FixDatabaseString(txtSurname.Text) & "','" & FixDatabaseString(txtAddress.Text) & "')"
Private Function FixDatabaseString(ByVal TheString As String) As String
Dim result As String = TheString
result = result.Replace(CStr("'"), CStr("''"))
Return result
End FunctionThe problem is that the program keep stop when I use the ' character. Can someone suggest a working function which solves this problem?
