sql query single quote problem

Question

0.00/5 (No votes)

See more:

SQL

OleDbDataAdapter da = new OleDbDataAdapter("select * from LOGIN where U_name='" + User + "' And  U_password='" + Password + "' ", con);

when i put d'souza it gives me an error

Posted 19-Apr-13 9:18am

Amirsalgar1

Add a Solution

Comments

Richard C Bishop 19-Apr-13 15:21pm

It reads the single quote in that name as an indicator to begin or end a string. You cannot use that. Double it up to escape the single quote and that should work.

joshrduncan2012 19-Apr-13 15:25pm

Rich is correct. However, this would have been a great question to ask google. To use the single quote in the name, you will have to replace the single quote with 2 single quotes. That should do the trick for you.

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

yeng thao · Answer 1 · 2013-04-19T17:42:00

Solution 3

Try this hope it can help.......

C#

public static string DoQuotes(string sql)
       {
           if (sql == null)
               return "";
           else
               return sql.Replace("'", "''");
       }

Posted 19-Apr-13 17:42pm

yeng thao

GregWyatt · Answer 2 · 2013-04-19T09:23:00

That is because the single quote represent the end of the string so all of text after it is seen as malformed input. Do Replace("'","\\'") (C# version) on the user name to place an escape character before the single quote. In MySQL the espace character is a \ I'm not sure of what it is for your situation so you will have to double check. Please let me know if this doesn't work for you.

José Amílcar Casimiro · Answer 3 · 2013-04-19T09:27:00

Solution 2

Hello Amirsalgar1,

Like richcb told you in the first comment, the problem is the ['] character in d'souza name.
I recommend you to use sql parameter object to avoid this kind of problem.
http://msdn.microsoft.com/en-us/library/bbw6zyha(v=vs.71).aspx[^]

Good luck.
JAFC

Posted 19-Apr-13 9:27am

José Amílcar Casimiro