Hi, I have a multiline textbox on my web form. whenever I use apostrophe in the text, I get an error. e.g if I am using the word party's, the error would be:-

Incorrect syntax near 's'. Unclosed quotation mark before the character sring".

does that mean I need to parse my string to check if any quotes/apostrophe has been used OR there is a way where I can tell to allow any kind of data in the textbox?

Thanks
Renu

You need to find ' and replace with '' otherwise SQL will throw it back at you. If you use command parameters on your command object, you can safely assign the parameter values directly from the source controls and not need to manually handle the apostrophies.

I wrote a function to replace all single quotes with double and it worked. But, I don't get what you mean by "command parameters on command object". Just for my own curosity I would like to know if there is any other way to accomplish the same thing.

Thanks

Well, seeing as you posted this message in the ASPX forum, I'm assuming that you are using some ADO.NET classes to make database calls. For example: System.Data.SqlClient.Connection and System.Data.SqlClient.Command. The Command objects for the SqlClient as well as the other native .NET database clients have a parameters collection into which you add an instance of the appropriate parameter class. When you assign one of these parameters a value, the class itself handles the escaping of the necessary SQL characters. So you can create a query: "UPDATE MyTable SET myField = @myParameter", then set the parameter "@myParameter" value to "mc'value" and the parameter class or the command class (which one is really irrelevant) will automatically generate the correct complete SQL string: "UPDATE MyTable SET myField = 'mc''value'"