A temporary fix is
string txtCustomerName = "Mc'' Donald";
but the above code is not recommended, since it is vulnerable to SQL Injection attacks.
Always use parameterized queries to prevent SQL Injection attacks.
You will have to write a method inside your DataHelper class to handle the SQL command, as follows:
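// Requires: using System.Data.SqlClient;
// public, so that it can be called from outside DataHelper.
public static void ExecuteCommand(SqlCommand cmd)
{
    // The using block closes and disposes the connection even if ExecuteNonQuery throws.
    using (SqlConnection con = new SqlConnection("Your Connection string"))
    {
        cmd.Connection = con;
        con.Open();
        cmd.ExecuteNonQuery();
    }
}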
and invoke it like below
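string customerName = txtCustomerName.Text;
// Note: without a WHERE clause this updates every row in Tbproposal.
string strsql = "Update Tbproposal set CustomerName = @customer";
SqlCommand cmd = new SqlCommand(strsql);
// AddWithValue replaces the obsolete Parameters.Add(string, object) overload.
cmd.Parameters.AddWithValue("@customer", customerName);
DataHelper.ExecuteCommand(cmd);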
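
The following is an added example, not part of the original answer. It compares string concatenation, the hand-doubled apostrophe and a bound parameter on the same "Mc' Donald" value. It uses Python's sqlite3 in place of SQL Server and ADO.NET so that it runs offline; the Id column, the seed rows and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed schema: table and column names follow the answer; Id is assumed.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Tbproposal (Id INTEGER PRIMARY KEY, CustomerName TEXT)")
    con.executemany("INSERT INTO Tbproposal (Id, CustomerName) VALUES (?, ?)",
                    [(1, "old-1"), (2, "old-2")])
    return con

def names(con):
    return [r[0] for r in con.execute("SELECT CustomerName FROM Tbproposal ORDER BY Id")]

def update_concatenated(con, name, row_id):
    # Anti-pattern: the value becomes part of the SQL text itself.
    sql = "UPDATE Tbproposal SET CustomerName = '" + name + "' WHERE Id = " + str(row_id)
    con.execute(sql)

def update_escaped(con, name, row_id):
    # The "temporary fix": double every apostrophe by hand before concatenating.
    update_concatenated(con, name.replace("'", "''"), row_id)

def update_parameterized(con, name, row_id):
    # The value travels separately from the statement; no quoting is involved.
    con.execute("UPDATE Tbproposal SET CustomerName = ? WHERE Id = ?", (name, row_id))

def demo():
    results = {}
    con = make_db()
    try:
        update_concatenated(con, "Mc' Donald", 1)
        results["concatenated"] = "ok"
    except sqlite3.OperationalError:
        # The apostrophe ends the string literal early and the statement no longer parses.
        results["concatenated"] = "syntax error"
    update_escaped(con, "Mc' Donald", 1)
    results["escaped"] = names(con)
    # Constructed input containing SQL punctuation: a bound parameter keeps it as data.
    update_parameterized(con, "O'Brien'; --", 2)
    results["parameterized"] = names(con)
    return results

if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, "->", outcome)
```

Hand-escaping works only as long as every call site remembers to do it and handles every special character; the bound parameter needs no such care because the value never enters the SQL text.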