Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Should we escape ' when building command text?
Message
De
31/12/2007 13:35:31
Naomi Nosonovsky
Wisconsin, États-Unis
 
 
À
31/12/2007 13:25:25
Bonnie DeWitt
Geneva Systems Group
Ellensburg, Washington, États-Unis
Information générale
Forum:
ASP.NET
Catégorie:
Bases de données
Titre:
Re: Should we escape ' when building command text?
Versions des environnements
Environment:
ASP.NET
OS:
Windows XP
Database:
MS SQL Server
Divers
Thread ID:
01278630
Message ID:
01278676
Vues:
24
>Not to be mean or anything, Naomi ... but it's really not a good idea to post several un-related questions in one post.
>
>1) AFAIK, you can't automatically generate a date in a comment
>
>2) The answer I gave before for the parameters applies equally if you're constructing the command with a StringBuilder. Why wouldn't it?
>
>~~Bonnie
>

May be I'm not yet understanding something.

Here is some code:

Command.CommandText = this.RecurrPrograms(ProgramID);

And in the RecurrPrograms method there is a string created 
System.Text.StringBuilder RecurrQuery = new System.Text.StringBuilder();
and then 
tplEntry = string.Format("INSERT INTO Programs2Times (" +
                "[ProgramID],[TimeOfProgram],[EndTime],[Fee],[VolunteerFee],[VolunteersReq],[Canceled]" +
                ",[Facilitator]) VALUES({0},'{{0}} {1}','{{0}} {2}', " +
                "{3}, {4}, {5}, 0, '{6}')\n", ProgramID, StartTime, EndTime, this.txtbProgFee.Text,
                VolFee, this.txtbProgVolReq.Text, this.txtbPrgFacilitator.Text);
and appended later in the loop.

How can I apply Parameters here?
If it's not broken, fix it until it is.


My Blog
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform