I'm doing an application that reads and updates some VFP tables along with SQL Server tables.
For a variety of reason, I'm not using data binding, but instead I'm constructing and executing commands as follows:
string strupdatestring = "Update somast01 SET ponum = ' '" + textBoxPonum.Text + “’"
During testing, I mistakenly typed a ""' in the textBoxPonum field and when the program ran the command above (ExecuteNonQuery), the provider dutifully returned a message that the command contained junk.
Is there any shortcut here or do I have to check every field for things like quote signs?
Besides quote signs and apostrophes, what else can bring it down?
Anyone who does not go overboard- deserves to.
Malcolm Forbes, Sr.