Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Should we escape ' when building command text?
Message
From
31/12/2007 13:35:31
Naomi Nosonovsky
Wisconsin, United States
 
 
To
31/12/2007 13:25:25
Bonnie DeWitt
Geneva Systems Group
Ellensburg, Washington, United States
General information
Forum:
ASP.NET
Category:
Databases
Title:
Re: Should we escape ' when building command text?
Environment versions
Environment:
ASP.NET
OS:
Windows XP
Database:
MS SQL Server
Miscellaneous
Thread ID:
01278630
Message ID:
01278676
Views:
25
>Not to be mean or anything, Naomi ... but it's really not a good idea to post several un-related questions in one post.
>
>1) AFAIK, you can't automatically generate a date in a comment
>
>2) The answer I gave before for the parameters applies equally if you're constructing the command with a StringBuilder. Why wouldn't it?
>
>~~Bonnie
>

May be I'm not yet understanding something.

Here is some code:

Command.CommandText = this.RecurrPrograms(ProgramID);

And in the RecurrPrograms method there is a string created 
System.Text.StringBuilder RecurrQuery = new System.Text.StringBuilder();
and then 
tplEntry = string.Format("INSERT INTO Programs2Times (" +
                "[ProgramID],[TimeOfProgram],[EndTime],[Fee],[VolunteerFee],[VolunteersReq],[Canceled]" +
                ",[Facilitator]) VALUES({0},'{{0}} {1}','{{0}} {2}', " +
                "{3}, {4}, {5}, 0, '{6}')\n", ProgramID, StartTime, EndTime, this.txtbProgFee.Text,
                VolFee, this.txtbProgVolReq.Text, this.txtbPrgFacilitator.Text);
and appended later in the loop.

How can I apply Parameters here?
If it's not broken, fix it until it is.


My Blog
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform