wrote an insert for a C#.Net web app. The insert works fine, except if there are apostrophes (spelling), for example:
this isn't a problem
this isnt a problem
The second one will work; the first will not.
The info is going into a SQL Server database as text(16); the same result occurs with char.
I believe you'll need to use an escape character "\", so something like this:
"this isn\'t a problem"
Also, you should try to use stored procedures or at the very least parameter queries. Both of those would solve your problem as well.
"I would love to change the world, but they won't give me the source code." -unknown
I thought the same thing with the stored procedure. One thing we found that did work was replacing all the " ' " with " * " and then converting back when the info is displayed. Stored procedure gave the same problem. The info is going in as variables: a user types in text and it is stored, but if the user types in a " ' ", it isn't going to go through. Would you recommend writing a function to add a " \" or other escape character for C# to be out in front of the " ' " before it enters the database? Thanks.
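The parameter-query approach suggested in the thread, as an added example that is not code from any of the posters. The `Notes` table, its `Body` column, the `NoteStore` class and the connection string passed on the command line are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class NoteStore
{
    // Assumed table (hypothetical):
    //   CREATE TABLE Notes (Id INT IDENTITY PRIMARY KEY, Body TEXT)
    public static int InsertNote(string connectionString, string body)
    {
        const string sql =
            "INSERT INTO Notes (Body) VALUES (@body); " +
            "SELECT CAST(SCOPE_IDENTITY() AS INT);";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value is sent separately from the SQL text, so an apostrophe
            // in it is plain data and cannot end a string literal.
            cmd.Parameters.Add("@body", SqlDbType.Text).Value =
                (object)body ?? DBNull.Value;
            conn.Open();
            return (int)cmd.ExecuteScalar();
        }
    }

    public static string ReadNote(string connectionString, int id)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT Body FROM Notes WHERE Id = @id", conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            return cmd.ExecuteScalar() as string;
        }
    }

    public static void Main(string[] args)
    {
        string cs = args[0]; // connection string supplied by the caller
        // Constructed sample input: the failing string from the question.
        int id = InsertNote(cs, "this isn't a problem");
        Console.WriteLine(ReadNote(cs, id));
    }
}
```

The same `Parameters.Add` pattern applies when `CommandType` is `StoredProcedure`; the apostrophe only breaks the statement when the user's text is concatenated into the SQL string itself.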