Using a Parameterized Query to Fix SQL Syntax Errors

Using a parameterized query to update or insert records into a database is the best method for dealing with apostrophes (single quotes) in the data. It has the added benefit of reducing your database to SQL injection attacks because all of the text in a parameter is treated only as data. Below is a very basic example of how to use command parameters. The example is shown with SQL but it can also be used with OLEDB. Please note: if you use parameters with OLEDB connections they must be placed in the same order they appear in the table.

More details about SqlCommand.Parameters can be found on the MSDN website.

If you have any comments, questions, or suggestions please fell free to contact us.


Sitemap | Privacy Statement

Copyright ©1993-2023 McGrath Electronics, Inc.  All Rights Reserved