How to add parameter val containing single quote

prog · May 23rd, 2005, 09:41 AM

I am adding a parameter value to an OracleCommand parameter. If I add a value that does NOT contain a single quote, the query works and I get the expected results returned. If I add a value that contains a single quote, such as "'CJ','CL','CP'", I get ORA-01403 returned (no rows found). I have tried preceding each single quote with another single quote, preceding each single quote with a backslash, and each of these with preceding the entire string with '@'. None of these syntaxes work. It appears that ADO stops reading as soon as it hits the first single quote. I am working in Visual Studio .NET 2003 in C#. The where clause needs to search for multiple values (e.g., WHERE work_schedule IN ('CJ','CL','CP')).

I know that parameterized queries are the correct way to handle these queries, and I have been using them in C for years. I can't believe that there is no way to create a parameterized query in C# .net where the where clause must search for multiple values.

Does anyone know how to do this??

Thanks

planoie · May 23rd, 2005, 05:53 PM

There is a suitable command class to match the connection class you are using. The command class has a parameters collection which you can populate with the necessary values and parameter names (where usable). You'll need to read up on the right command class for the connection you're using (SqlConnect, OleDbConnection, etc). The way you structure a query differs based on the connection type.

-Peter

prog · May 24th, 2005, 08:43 AM

Quote:

quote:Originally posted by planoie
There is a suitable command class to match the connection class you are using. The command class has a parameters collection which you can populate with the necessary values and parameter names (where usable). You'll need to read up on the right command class for the connection you're using (SqlConnect, OleDbConnection, etc). The way you structure a query differs based on the connection type.

-Peter

I am aware of the command class and the parameters colletion that goes with it. Please see the documentation at http://msdn.microsoft.com/library/de...eterstopic.asp. This works. The problem occurs when setting the .Value to a string that contains a single quote. The documentation states 'The user may be required to use escape character syntax if the stored procedure name contains any special characters.' I have found that this also applies to the string being passed to .Value. However, the escape characters I have tried (another single quote, backlash, '@') do not work. I need an alternate way to assign a string containing a single quote as a Parameter.

Thanks

planoie · May 24th, 2005, 09:24 AM

We have code that works with both MSSQL and Oracle (using the OleDbCommand/Connection). The only change I've found necessary is to modify a raw sql command to change ' to ''. The parameters are supposed to take care of this automatically so it's only necessary in concatenated command string. If the ' to '' change doesn't work for you than I don't know what the problem is.

-Peter