In my program I have this statment ......
ct = String.Format(@"select [Movie Selector] from WSTMDS3
natural prediction join
(select
'{0}'as[Age],
'{1}'as[Education Level],
'{2}'as[Gender],
'{3}'as[Home Ownership],
'{4}'as[Internet Connection],
'{5}'as[Marital Status]
)as MovieSelector",
TextBox1.Text,
DropDownList1.SelectedValue,
DropDownList2.SelectedValue,
DropDownList3.SelectedValue,
DropDownList4.SelectedValue,
DropDownList5.SelectedValue)
;
But in DropDown list1 "Education Level " I have some value like this Master' Degree how i can use the single quote ' in this statment .
thanks
You should not use string.Format
to build your queries. You should use parameterized queries.
adomdCommand.CommandText = "SELECT ... @P1 ...";
adomdCommand.Parameters.Add(new AdomdParameter("P1", TextBox1.Text));
// etc..
Related
Use SqlCommand and SqlParameter. Example
SqlCommand sqlCom=new SqlCommand();
sqlCom.CommandText=@"select [Movie Selector] from WSTMDS3
natural prediction join
(select
@P0 as[Age],
@P1 as[Education Level],
@P2 as[Gender],
@P3 as[Home Ownership],
@P4 as[Internet Connection],
@P5 as[Marital Status]
";
sqlCom.Parameters.AddWithValue("@P0",TextBox1.Text);
除了使用参数化查询外,T-SQL语法中单引号的转义方法是将它们加倍。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.