[英]how to save string variable with apostrophe using .net
我有這樣的查詢:
sql = "Select * From T_ExhibitorLocation
where F_ExhibitionCode='" & Cmb_Exhibition.SelectedValue.ToString & "'
and F_ExhibitorCode='" & Trim(Txt_ExhibitorID.Text) & "'
and F_Site='" & cmb_Site.SelectedValue.ToString &` "'"
有時我的F_site名稱帶有撇號,例如'Artist's Shell'
類的示例。 所以這一次我如何用撇號保存這個名字? 提前致謝
就像Pluntonix在評論中所說的那樣,請始終嘗試避免以這種方式構建sql命令。如果可以,請嘗試以下方式
var command = new SqlCommand("Select * From T_ExhibitorLocation
where F_ExhibitionCode=@Cmbexhibition
and F_ExhibitorCode=@exhibitioncode
and F_Site=@site");
SqlParameter param1 = new SqlParameter();
param1.ParameterName = "@Cmbexhibition";
param1.Value = Cmb_Exhibition.SelectedValue.ToString();
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@exhibitioncode";
param2.Value = Trim(Txt_ExhibitorID.Text);
SqlParameter param3 = new SqlParameter();
para3.ParameterName = "@site";
param3.Value =cmb_Site.SelectedValue.ToString();
command.Parameters.Add(param1);
command.Parameters.Add(param2);
command.Parameters.Add(param3);
然后執行它。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.