c# - Database insertion troubles because of character (') -
if try insert string in database containing character ('), face problem.
sql ="insert mytable (name) values ('"&request("name")&"') " the solution beginners is
sql ="insert mytable (name) values (replace('"&request("name")&"',"'","@") " for example have change when retrieving record.
but, problem if have large amount of these fields might contain character ('), follow time-consuming solution every field?! or maybe of have smart , quick solution?
edit: stated in comments, way suggested following.
first, fetch of values , store them in variables. create insert statement using parameters insert values database.
var value1 = //fetch want insert var value2 = //fetch want insert using (sqlconnection con = new sqlconnection(connectionstring)) using (sqlcommand cmd = new sqlcommand("insert mytable values (@value1, @value2)", con)) { cmd.parameters.addwithvalue("@value1", value1); cmd.parameters.addwithvalue("@value2", value2); con.open(); try { cmd.executenonquery(); } catch (sqlexception ex) { console.writeline(ex.message) } }
Comments
Post a Comment