DO NOT USE string concatenation - use parameters!!!!!!!!!!!

I believe we discussed it with you few times before already.

Simply do

values (?Param1, ?Param2, ... etc.)

and then cmd.Parameters.AddWithValue('Param1',myTextbox.Text)
etc.

>>>My INSERT statement includes data for a memo field and the data may include text with embedded carriage returns. This is throwing a syntax error when executed. Can someone tell me how to encode the string (from VBNET) so it will execute?
>>>Thanks
>>
>>Can you post your exact statement that gives an error? If you're using parameters, the carriage return should not matter and should not give any errors.
>Well, here's the whole function.

>	Public Function SaveTIPChanges() As Boolean
>		Dim oConn As New OleDbConnection(ConfigurationManager.ConnectionStrings("TIPWebEdits").ConnectionString)
>
>		Dim SQL As String = "INSERT INTO tip ("
>		SQL += "tip_id,"
>		SQL += "st_name,"
>		SQL += "termini,"
>		SQL += "project,"
>		SQL += "rtp_id,"
>		SQL += "sponsor_id,"
>		SQL += "state_id,"
>		SQL += "fed_id,"
>		SQL += "why,"
>		SQL += "length,"
>		SQL += "existlanes,"
>		SQL += "newlanes,"
>		SQL += "newwalks,"
>		SQL += "newbikelanes,"
>		SQL += "total_cost,"
>		SQL += "contact,"
>		SQL += "phone,"
>		SQL += "func_class,"
>		SQL += "System,"
>		SQL += "subsystem,"
>		'SQL += "memo,"
>		SQL += "s_scoping,"
>		'SQL += "s_proceed,"
>		'SQL += "s_envclr,"
>		'SQL += "s_stage1,"
>		'SQL += "s_utility,"
>		'SQL += "s_railroad,"
>		'SQL += "s_rwplans,"
>		'SQL += "rw_clr,"
>		'SQL += "s_planfile,"
>		'SQL += "s_sale,"
>		SQL += "EditBy)"
>
>		SQL += " values "
>
>		SQL += "("
>		SQL += TIPID_TextBox.Text.Trim + ","
>		SQL += "[" + st_name_TextBox.Text.Trim + "],"
>		SQL += "[" + Termini_TextBox.Text.Trim + "],"
>		SQL += "[" + Project_TextBox.Text.Trim + "],"
>		SQL += rtp_id_TextBox.Text.Trim + ","
>		SQL += "[" + sponsor_id_TextBox.Text.Trim + "],"
>		SQL += "[" + state_id_TextBox.Text.Trim + "],"
>		SQL += "[" + fed_id_TextBox.Text.Trim + "],"
>		SQL += "[" + why_TextBox.Text.Trim + "],"
>		SQL += Length_TextBox.Text.Trim + ","
>		SQL += ExistLanes_TextBox.Text.Trim + ","
>		SQL += NewLanes_TextBox.Text.Trim + ","
>		SQL += IIf(Sidewalk_CheckBox.Checked = True, ".T.", ".F.") + ","
>		SQL += IIf(BikeLane_CheckBox.Checked = True, ".T.", ".F.") + ","
>		SQL += Total_cost_TextBox.Text.Trim + ","
>		SQL += "[" + Contact_TextBox.Text.Trim + "],"
>		SQL += "[" + Phone_TextBox.Text.Trim + "],"
>		SQL += "[" + FuncClass_DropDownList.SelectedValue.Trim + "],"
>		SQL += "[" + System_DropDownList.SelectedValue.Trim + "],"
>		SQL += "[" + Subsystem_DropDownList.SelectedValue.Trim + "],"
>		'SQL += "[" + Server.UrlEncode(Memo_TextBox.Text.Trim) + "],"
>		SQL += s_Scoping_TextBox.Text.Trim + ","
>		'SQL += s_proceed_textbox.Text.Trim + ","
>		'SQL += s_envclr_TextBox.Text.Trim + ","
>		'SQL += s_stage1_TextBox.Text.Trim + ","
>		'SQL += s_utility_TextBox.Text.Trim + ","
>		'SQL += s_railroad_TextBox.Text.Trim + ","
>		'SQL += s_rwplans_TextBox.Text.Trim + ","
>		'SQL += s_rwclr_TextBox.Text.Trim + ","
>		'SQL += s_planfile_TextBox.Text.Trim + ","
>		'SQL += s_sale_TextBox.Text.Trim + ","
>		SQL += "[" + Membership.GetUser.UserName + "])"
>		Response.Write(SQL)
>
>		Dim oCommand As New OleDbCommand("ExecuteSQL", oConn)
>		oCommand.CommandType = CommandType.StoredProcedure
>		Dim param = oCommand.Parameters.Add("@SQL", OleDbType.WChar)
>		param.Value = SQL
>
>		oConn.Open()
>		oCommand.ExecuteNonQuery()
>		oConn.Close()
>		Return True
>
>
>	End Function
>

>I'm also trying to figure out the syntax for the dates as you can see. The problem is with the MEMO field named memo :) (its an old database).