See more: VB MySQL VB.NET
I'm trying to insert or search or read data with the ' marks in and am receiving an error about MySQL syntax. How can I use the ' in a query?
Posted 8-Feb-13 10:57am
Comments
richcb 8-Feb-13 16:08pm
   
You will need to post the code and error message you are receiving.

Solution 1

"Don't!" is the simple answer.

Use parameterized queries instead - that way you will also not be vulnerable to SQL injection attacks, which can damage or destroy your database.
Comments
   
Correct, a 5, but I also referenced escaping and links on parametrized queries and SQL injection.
—SA

Solution 2

Everything is shown in the MySQL documentation; was it so hard to consult it?

This is how to escape ' " and other characters: http://dev.mysql.com/doc/refman/5.0/en/string-literals.html.

However, it's possible that the root problem is different. Do you obtain the SQL query by concatenating some SQL language constructs with data? Even if it works, this is not the right thing to do. You had better use parametrized statements instead. Please see:
http://msdn.microsoft.com/en-us/library/ms254953.aspx,
http://msdn.microsoft.com/en-us/library/yy6y35y8%28v=vs.80%29.aspx.

Not only is it generally better and will help you to avoid escaping problems, it's also much safer, which is very important. In particular, it can help protect you from a well-known exploit called SQL injection:
http://en.wikipedia.org/wiki/SQL_injection.

Note section 3.1, which explains the importance of parametrized statements.

—SA
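The parameterized approach that both solutions recommend, shown as an added example that is not part of the original answers. It assumes the MySQL Connector/NET provider (`MySql.Data.MySqlClient`); the connection string and the `customers` table with `id` and `name` columns are hypothetical.

```vbnet
Imports System
Imports System.Collections.Generic
Imports MySql.Data.MySqlClient

Module ApostropheDemo
    ' Placeholder connection string (assumption): use your own server, schema and credentials.
    ' Assumed table: customers (id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(100)).
    Private Const ConnStr As String =
        "Server=localhost;Database=testdb;Uid=app_user;Pwd=CHANGE_ME;"

    ' Inserts the name as a bound parameter, so the apostrophe never becomes SQL text.
    Function InsertCustomer(conn As MySqlConnection, name As String) As Integer
        Using cmd As New MySqlCommand(
                "INSERT INTO customers (name) VALUES (@name)", conn)
            cmd.Parameters.AddWithValue("@name", name)
            Return cmd.ExecuteNonQuery()
        End Using
    End Function

    ' Looks up rows by exact name, again passing the value as a parameter.
    Function FindCustomerIds(conn As MySqlConnection, name As String) As List(Of Integer)
        Dim ids As New List(Of Integer)
        Using cmd As New MySqlCommand(
                "SELECT id FROM customers WHERE name = @name", conn)
            cmd.Parameters.AddWithValue("@name", name)
            Using reader As MySqlDataReader = cmd.ExecuteReader()
                While reader.Read()
                    ids.Add(reader.GetInt32(0))
                End While
            End Using
        End Using
        Return ids
    End Function

    Sub Main()
        ' Constructed sample values: a plain apostrophe and a value containing SQL syntax.
        Dim samples As String() = {"O'Brien", "x'; DROP TABLE customers; -- "}
        Using conn As New MySqlConnection(ConnStr)
            conn.Open()
            For Each s As String In samples
                ' What concatenation would send: the ' ends the literal early (syntax error).
                Console.WriteLine("Concatenated: ... WHERE name = '" & s & "'")
                InsertCustomer(conn, s)
                Console.WriteLine("Parameterized: {0} row(s) match", FindCustomerIds(conn, s).Count)
            Next
        End Using
    End Sub
End Module
```

Both sample values are stored and matched as ordinary strings, because the provider sends them as data rather than splicing them into the statement text.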

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 8 Feb 2013