Using a parameterized query to update or insert records into a database
is the best method for dealing with apostrophes (single quotes) in the
data. It has the added benefit of reducing your database's exposure to
SQL injection attacks because all of the text in a parameter is treated
only as data.
Below is a very basic example of how to use command parameters. The
example is shown with SQL but it can also be used with OLEDB. Please
note: if you use parameters with OLEDB connections they must be placed
in the same order they appear in the table.
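
The following is an added example of command parameters with SqlCommand,
not code from the original page. The connection string, the Customers
table and its column names are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

class ParameterizedInsertExample
{
    // Placeholder connection string (assumption): point it at your own server and database.
    const string ConnectionString =
        "Server=localhost;Database=ExampleDb;Integrated Security=true;";

    // Inserts one row into a hypothetical Customers(LastName, Notes) table.
    static int InsertCustomer(string lastName, string notes)
    {
        // Placeholders only; no user text is ever concatenated into the SQL string.
        const string sql =
            "INSERT INTO Customers (LastName, Notes) VALUES (@LastName, @Notes)";

        using (var connection = new SqlConnection(ConnectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Explicit type and size: the value travels as data, separate from the command text.
            command.Parameters.Add("@LastName", SqlDbType.NVarChar, 50).Value = lastName;
            command.Parameters.Add("@Notes", SqlDbType.NVarChar, 200).Value =
                (object)notes ?? DBNull.Value; // a null string must be sent as DBNull

            connection.Open();
            return command.ExecuteNonQuery(); // number of rows affected
        }
    }

    static void Main()
    {
        // Constructed sample values containing apostrophes and SQL-looking text.
        int rows = InsertCustomer("O'Brien", "Said: it's fine'; -- stored verbatim");
        Console.WriteLine("Rows inserted: " + rows);
    }
}
```

Both sample values are stored exactly as typed, apostrophes included,
with no manual escaping or quote doubling.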
More details about SqlCommand.Parameters can be found on the
If you have any comments, questions, or suggestions, please feel free
to contact us.