How to insert single quote and comma in one column

Question

My code is as below '''a','b','c'''.

Dim abc As String = "''a','b','c''"
sqlselect.Connection = con
sqlselect.CommandText = "insert into table1(Name1) values ('" & abc  & "')"

It gives the error:

Syntax error (missing operator)

in the query expression

why not use parametric queries – Manoj Purohit Feb 13 '13 at 09:23 — Manoj Purohit, Feb 13 '13 at 09:23

score 4 · Accepted Answer · edited May 23 '17 at 11:58

4

You use parametrized query not string concatenation

Dim a As String = "'a', 'b', 'c'"

sqlselect.Connection = con
sqlselect.CommandText = "insert into table1(Name1) values (@a)"
sqlselect.Parameters.AddWithValue("@a", a)
sqlselect.ExecuteNonQuery()

This assuming you have only one column named Name1.

The parametrized queries are the only way to go because they offer protection against SQL Injections and help you treating the parsing of strings, dates, decimal numbers

edited May 23 '17 at 11:58

Community

1
1

answered Feb 13 '13 at 09:24

Steve

213,761
22
232
286

Of course. Use always parametrized query. There are very few exceptions to this rule. – Steve Feb 13 '13 at 09:40

How to insert single quote and comma in one column

1 Answers1