CODEWITHSUNDEEP
asp.netvb.netms-access
htm11h
htm11h

Reputation: 1779

escaping apostrophes with parameter query not working

I am trying to prevent from having to escape apostrophes in my string variables by using a parameterized query with a OleDbConnection, but it is not working. any help would be appreciated. I am trying to insert into an Access db and I keep getting those pesky html codes.

Any hep would be appreciated.

Dim pConn As New OleDb.OleDbConnection
pConn = New OleDbConnection(cb.ConnectionString)

Dim SqlString As String = "INSERT INTO Strings (Mlt_String_ID, Lng_ID, Strg_Name, Sht_Text, Lng_Text, Alt_Text) Values (@Mlt_String_ID,@Lng_ID,@Strg_Name,@Sht_Text,@Lng_Text,@Alt_Text)"

Using cmd As New OleDbCommand(SqlString, pConn)
    cmd.CommandType = CommandType.Text
    cmd.Parameters.AddWithValue("@Mlt_String_ID", Mlt_String_ID)
    cmd.Parameters.AddWithValue("@Lng_ID", Lng_ID)
    cmd.Parameters.AddWithValue("@Strg_Name", Strg_Name)
    cmd.Parameters.AddWithValue("@Sht_Text", Sht_Text)
    cmd.Parameters.AddWithValue("@Lng_Text", Lng_Text)
    cmd.Parameters.AddWithValue("@Alt_Text", Alt_Text)

    pConn.Open()
    cmd.ExecuteNonQuery()
    pConn.Close()
End Using

Upvotes: 0

Views: 298

Answers (1)

Chris Dunaway
Chris Dunaway

Reputation: 11216

ou didn't describe what "not working" means. Can you provide more information? Are you getting an exception? What is the exception and stack trace?

In any event, the OleDb commands do not support named parameters. Use question marks instead:

Dim SqlString As String = "INSERT INTO Strings (Mlt_String_ID, Lng_ID, Strg_Name, Sht_Text, Lng_Text, Alt_Text) Values (?,?,?,?,?,?)"

And the parameters must be added in order.

Upvotes: 1

Related Questions