Re: quotes into SQL query

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: William Ryan eMVP (dotnetguru_at_comcast.nospam.net)
Date: 03/03/04 

Date: Wed, 3 Mar 2004 09:48:47 -0500

use Parameters instead.

cmd.CommandText = "INSERT INTO SomeTable Values (?, ?, ?)"

cmd.Parameters.Add(FirstValue)
cmd.Parameters.Add(SecondValue)

etc..

There are multiple overloads
http://www.knowdotnet.com/articles/parametergotcha.html and I'd recommend
using one of them because it gives you more control, but the example above
will work. This will give you cleaner code, better performance, and
improved security.... All upside on this approach.

HTH,

Bill
"Henry" <henriquebucher@hotmail.com.no_spam> wrote in message
news:#evJAkSAEHA.3220@TK2MSFTNGP10.phx.gbl...
> I'm writing a class that crawls through a removable media retrieving file
> info (who didn't make one yet?) and storing in an Access mdb.
> OleDbCommand fails when the file name contains quotes as in
> My friend's pictures.zip
> When building the SQL INSERT query, I tried putting \" before and after as
> suggested in a MS KB but it didn't work. I'm almost going to escape the
> entire file name a la http...
> Should I use stored procs and pass the file name as a parameter? Would it
> avoid escaping the file name?
>
> Many thanks
>
> Henrique
>
>
>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.608 / Virus Database: 388 - Release Date: 3/3/2004
>
>

Relevant Pages

  • Re: Sometimes repainting has tiny warping effect
    ... perhaps recommend was the wrong word. ... sort of problems you meant all you could come up with was this edit control ... > moved the OnPaint handler to a separate file! ... Dialogs do not do any painting in response to WM_PAINT. ...
    (microsoft.public.vc.mfc)
  • Re: Need help with Javascript Eval()
    ... I recommend adding an "id" attribute too, ... The "javascript:" is superflous in the onclick attribute. ... First, S+M is performing string concatenation, since S and M are string ... it is treating the value of the "amt" control as a function. ...
    (comp.lang.javascript)
  • Re: Received fax errors after running SFC.exe
    ... NETWORK SERVICE Full Control ... Microsoft CSS Online Newsgroup Support ... newsgroups so that they can be resolved in an efficient and timely manner. ... When opening a new thread via the web interface, we recommend you check the ...
    (microsoft.public.windows.server.sbs)
  • Re: followup visit with doctor
    ... getting my blood sugar under control is the most important thing. ... think bringing him studies would cause him to recommend something other ... excellent doctor but I understand that he must stay within the rules ... She happily permits me to carry on doing what I have proved works, ...
    (alt.support.diabetes)
  • Re: Advice needed for University Project: Bluetooth, PIC & LCD Display
    ... is being played on a computer, like an advanced remote control. ... bluetooth module and LCD display to ... For the LCD, I highly recommend using the Nokia 3210/3310 LCD. ...
    (sci.electronics.design)