When trying to save a record I am unable to enter in ' or " into a text box

[bkedersha]

When I enter in aaa'aaa4"4aaa then try to excute the save query, I received the following error. I believe this is caused by the text sting going into the query text. Is there anyway around this error?

 

 

 

Server Error in '/' Application.

--------------------------------------------------------------------------------

 

Line 1: Incorrect syntax near 'aa1'. Unclosed quotation mark before the character string ''.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

 

 

Exception Details: System.Data.SqlClient.SqlException: Line 1: Incorrect syntax near 'aa1'. Unclosed quotation mark before the character string ''.

Source Error:

 

 

Line 136: dim Cmd as new SQLCommand(strSQL,conn)

Line 137: Cmd.connection.open()

Line 138: Cmd.ExecuteNonQuery()

Line 139: Cmd.connection.close()

Line 140:

 

 

Source File: D:\GrantManagementWeb\GrantAddNew.aspx Line: 138

 

Stack Trace:

 

 

[sqlException: Line 1: Incorrect syntax near 'aa1'.

Unclosed quotation mark before the character string ''.]

System.Data.SqlClient.SqlCommand.ExecuteNonQuery() +180

ASP.GrantAddNew_aspx.ExeStatement(Object strSQL) in D:\GrantManagementWeb\GrantAddNew.aspx:138

ASP.GrantAddNew_aspx.dataSave_onClick(Object Sender, EventArgs e) in D:\GrantManagementWeb\GrantAddNew.aspx:128

System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108

System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57

System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18

System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33

System.Web.UI.Page.ProcessRequestMain() +1292

 

 

 

 

--------------------------------------------------------------------------------

Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300 :confused: :confused:

[kahlua001]

the ' in your string is terminating the rest of the characters. Either double up on your quotes before you execute your sql statement or use sqlcommand parameters.