amin
Reputation: 59
Random special characters in insert
I have the following Code in C# ( Sql server (LocalDB)\v11.0) If Definition property has no special character , the Insert executed. but some times it has an unknown special character in it , and i recive the Error.
for()
{
if(){
DB.Docommand("INSERT INTO Test5(P_Def) VALUES('"+ pro.Definition + "')");
}
}
in database the data type is nvarchar(Max) but i receive the following error:
incorrect syntax near .....
I want to insert my property with special characters. What can id do? Thanks
Upvotes: 1
Views: 108
Answers (1)
Sergey Kalinichenko
Reputation: 726549
Parameterize your insert. In addition to gaining an ability to insert strings with any characters that are valid inside nvarchar, you will also fix a major security problem by avoiding a potential sql injection attack:
var cmd = new SqlCommand("INSERT INTO Test5(P_Def) VALUES(@Def)", con);
cmd.Parameters.AddWithValue("@Def", pro.Definition);
Upvotes: 5
Related Questions
- UTF-8 character gets changed in INSERT statement on MS-SQL-Server
- SQL Server changes characters in insert
- single quotes escape during string insertion into a database
- insert into sql db a string that contain special character '
- Escape special characters in SQL INSERT INTO via C#
- sql character encoding non English character
- insert special character into SQL Server 2008 database from c#
- SQl Server insert Special characters
- Special character insertion in MS SQL Server 2008
- string " ' " issue when inserting into DB