>I am actually experiencing this problem using the Compact Framework with SQLCE, however I assume it is an issue typical to SQL in general.
>
>The following code fails if any of the parameters have a single quote (') in their values.
>
>
>public DataSet GetItemRecord(string cText1, string cText2, string cMenu)
>{
>    return Execute("itemmenu", string.Format(
>        "SELECT * " +
>        " FROM itemmenu " +
>        " WHERE buttontxt1 = '{0}' AND buttontxt2 = '{1}' AND alt_name = '{2}'",
>        cText1, cText2, cMenu));
>}
>
>
>I am sure there is a standard way of dealing with this. I know I can do parameterized queries, but there are so many of these types of situations that I would like to know a quicker way.
>
>As a follow-up, as a longtime VFP programmer who has only dabbled with SQL, can you recommend a good reference for dealing with SQL syntax, etc.?
>
>Thanks,
>
>Paul R. Moon
>Business Software Solutions
Paul,
To get a literal single quote into an SQL Server parameter, replace it with two single-quotes.
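
Added example, not part of the original posts: the quote doubling described in the reply, next to a small helper that binds values as parameters so that many queries like GetItemRecord can be converted with one changed line each. ItemMenuData, ExecuteParams, QuoteLiteral and the connection string are hypothetical names and values, and the @p0-style named parameters assume SQL Server Compact 3.x or later.

```csharp
using System;
using System.Data;
using System.Data.SqlServerCe;

public class ItemMenuData
{
    // Assumption: placeholder path to the .sdf file; use your own.
    private readonly string connectionString = @"Data Source=\My Documents\app.sdf";

    // Quote doubling as described in the reply: O'Brien becomes 'O''Brien'.
    // Every concatenated value has to pass through this; one missed call
    // leaves that query open to SQL injection.
    public static string QuoteLiteral(string value)
    {
        return "'" + value.Replace("'", "''") + "'";
    }

    // Hypothetical helper: binds values[0] to @p0, values[1] to @p1, ...
    // The values travel separately from the SQL text, so quotes in them
    // are never parsed as SQL and no escaping is needed.
    public DataSet ExecuteParams(string table, string sql, params object[] values)
    {
        DataSet ds = new DataSet();
        using (SqlCeConnection conn = new SqlCeConnection(connectionString))
        using (SqlCeCommand cmd = new SqlCeCommand(sql, conn))
        {
            for (int i = 0; i < values.Length; i++)
            {
                object v = (values[i] == null) ? (object)DBNull.Value : values[i];
                cmd.Parameters.Add(new SqlCeParameter("@p" + i, v));
            }
            // Fill opens and closes the connection when it is not already open.
            using (SqlCeDataAdapter adapter = new SqlCeDataAdapter(cmd))
            {
                adapter.Fill(ds, table);
            }
        }
        return ds;
    }

    // The query from the question, with placeholders instead of string.Format.
    public DataSet GetItemRecord(string cText1, string cText2, string cMenu)
    {
        return ExecuteParams("itemmenu",
            "SELECT * FROM itemmenu " +
            "WHERE buttontxt1 = @p0 AND buttontxt2 = @p1 AND alt_name = @p2",
            cText1, cText2, cMenu);
    }
}
```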