String field with single quotation mark is causing an error when inserting record in table

by

Is there any way to fix that, without removing the single quotation mark from the string?

Yes – use parameterized SQL instead. You should never use variable values directly in your SQL like this. It can allow SQL injection attacks, cause conversion oddities, and generally make the SQL more confusing to read.

See the documentation for SqlCommand.Parameters for an example of parameterized SQL.

Basically, the idea is that your SQL includes references to parameters, e.g.

INSERT INTO SomeTable(Foo, Bar) VALUES (@Foo, @Bar)

and then you specify the values for @Foo and @Bar separately. The values then aren’t part of the SQL itself, so it doesn’t matter whether or not they contain characters which would have special meaning within the SQL.

More Related Contents:

  1. How do parameterized queries help against SQL injection?
  2. How to execute an .SQL script file using c#
  3. Parsing SQL code in C# [closed]
  4. Entering keys manually with Entity Framework
  5. SQL Express connection string: mdf file location relative to application location
  6. Pass table valued parameter using ADO.NET
  7. Getting return value from stored procedure in C#
  8. SQL error: Incorrect syntax near the keyword ‘User’
  9. Why does the Contains() operator degrade Entity Framework’s performance so dramatically?
  10. Could not find an implementation of the query pattern
  11. DateTime format to SQL format using C#
  12. Filter sql based on C# List instead of a filter table
  13. C# guid and SQL uniqueidentifier
  14. Local sequence cannot be used in LINQ to SQL implementation of query operators except the Contains() operator
  15. Stop SQL query execution from .net Code
  16. Entity Framework. Delete all rows in table
  17. SQLException : String or binary data would be truncated
  18. Multi threading C# application with SQL Server database calls
  19. C# Version Of SQL LIKE
  20. Use linq to generate direct update without select
  21. NHibernate – Many to Many Query using Junction/Joiner Table
  22. Oracle Parameters with IN statement?
  23. When is it better to write “ad hoc sql” vs stored procedures [duplicate]
  24. How to insert data into SQL Server
  25. Convert SQL to LINQ Query [closed]
  26. Must declare the table variable @table
  27. how to recognize similar words with difference in spelling
  28. How do I extract data from a DataTable?
  29. Use SQL Server time datatype in C#.NET application?
  30. Is SqlConnection.Close() need inside a Using statement?

Leave a Comment