
Tip of the Day
Language: Visual Basic
Expertise: Beginner
Jan 19, 2000




Building SQL in Code

I am building an SQL statement to Insert and Update records. If the user enters a double quote mark in the text box the SQL statement treats this as the end of the field and the SQL statement is then invalid. I have changed the SQL statement to use single quote marks, but now the user can't enter single quote marks in the textbox. Is there a solution to this?
' Build the INSERT with each value wrapped in double quotes
sql = "Insert into tblTech (TechId, TechDesc) " & _
      "values (" & """" & Trim(.TechId) & """, " & """" & _
      Trim(.TechDesc) & """);"

qyTech.CommandText = sql


Any strings that you are passing to a database must be enclosed in single quotes, not double quotes. If you change the two double quote character pairs to single quotes, that should take care of your problem.

DevX Pro
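
An added example, not part of the original tip or DevX's own code: binding the values as ADO parameters keeps quote characters in user input out of the SQL text, so both double and single quote marks can be entered and stored. It assumes VB6 with a reference to Microsoft ActiveX Data Objects, an already-open ADODB.Connection, and the column sizes shown; InsertTech, SqlQuote and Demo are hypothetical names.

```vb
' Added example (not from the original tip). Assumes VB6, a project reference
' to Microsoft ActiveX Data Objects, and an open ADODB.Connection passed in.
Option Explicit

' Inserts one row into tblTech using bound parameters. The values travel
' separately from the SQL text, so a quote mark in the input is stored as
' data and cannot end a string literal or change the statement.
Public Sub InsertTech(ByVal cn As ADODB.Connection, _
                      ByVal techId As String, _
                      ByVal techDesc As String)
    Dim cmd As ADODB.Command
    Set cmd = New ADODB.Command

    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    ' Each ? is a positional placeholder filled from the Parameters collection.
    cmd.CommandText = "INSERT INTO tblTech (TechId, TechDesc) VALUES (?, ?)"

    ' Sizes 20 and 255 are assumed; match them to the real column widths.
    cmd.Parameters.Append cmd.CreateParameter("TechId", adVarChar, _
        adParamInput, 20, Trim$(techId))
    cmd.Parameters.Append cmd.CreateParameter("TechDesc", adVarChar, _
        adParamInput, 255, Trim$(techDesc))

    cmd.Execute , , adExecuteNoRecords
End Sub

' Fallback for code that must concatenate: delimit with single quotes and
' double every embedded single quote. Parameters remain the safer choice.
Public Function SqlQuote(ByVal s As String) As String
    SqlQuote = "'" & Replace(s, "'", "''") & "'"
End Function

' Constructed sample input containing both kinds of quote mark.
Public Sub Demo(ByVal cn As ADODB.Connection)
    Dim desc As String
    desc = "5" & Chr$(34) & " O'Brien bracket"

    InsertTech cn, "T-01", desc

    ' Shows the escaped literal the fallback would place in the SQL text.
    Debug.Print "INSERT INTO tblTech (TechId, TechDesc) VALUES (" & _
                SqlQuote("T-02") & ", " & SqlQuote(desc) & ")"
End Sub
```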