Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Should we escape ' when building command text?
Message
From
03/01/2008 14:15:32
Naomi Nosonovsky
Wisconsin, United States
 
 
To
03/01/2008 14:11:56
Bonnie DeWitt
Geneva Systems Group
Ellensburg, Washington, United States
General information
Forum:
ASP.NET
Category:
Databases
Title:
Re: Should we escape ' when building command text?
Environment versions
Environment:
ASP.NET
OS:
Windows XP
Database:
MS SQL Server
Miscellaneous
Thread ID:
01278630
Message ID:
01279323
Views:
14
>>In run-time that variable @EventVal already declared
>
>Well, yeah ... if you have more than one Item selected in your List, then you'll be adding that parameter more than once. Yeah, that's not gonna work that way. Try this:
>
>
>            ListItem Item;
>            string ParmName;
>            for (int i=0; i < this.lsbEvntTargetPop.Items.Count; i++)
>            {
>                Item = this.lsbEvntTargetPop.Items[i];
>                if (Item.Selected)
>                {
>                    ParmName = "@EventVal" + i.ToString();
>                    Command.CommandText += "\nINSERT INTO EventTargets VALUES(@EvID," + ParmName + ")";
>                    Command.Parameters.AddWithValue(ParmName , Item.Value);
>                }
>            }
>
>~~Bonnie
>
>
I see. Do you think this is better or I should just leave the original code? We don't have single quote in the list values as I checked (they are populated manually and there is limited number of entries) or your code is still better?

Thanks again.
If it's not broken, fix it until it is.


My Blog
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform