Escaping the ' character

Posted: Fri Jan 07, 2011 8:34 am
by wjstarck
How do I escape the ' character in the following code?

Code:

string command = "INSERT INTO anesthpcpref(PCName,ChangeLog) VALUES ('" + POut.String(thisPCName) + "','" + POut.String(ChangeLog) + "'" + ")";
DataCore.NonQ(command);
If the ChangeLog string has a ' in it, it's breaking the MySQL query.

Thanks.

Re: Escaping the ' character

Posted: Fri Jan 07, 2011 9:35 am
by wjstarck
Well, OK, never mind.

The UPDATE statement in this code block had an extra space between the " and the WHERE, which is what was actually breaking the MySQL

Code:

if (GetPCName(thisPCName) == "")
{
    string command = "INSERT INTO anesthpcpref(PCName,ChangeLog) VALUES ('" + POut.String(thisPCName) + "','" + POut.String(ChangeLog) + "'" + ")";
    DataCore.NonQ(command);
}
else
{
    string command = "UPDATE anesthpcpref SET ChangeLog = '" + POut.String(ChangeLog) + "'" + " WHERE PCName = '" + POut.String(thisPCName) + "'";
    DataCore.NonQ(command);
}
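
The question in this thread, as an added example that is not part of the original posts or of the project's code: what a ' in ChangeLog does to a statement built by plain concatenation, next to the same insert-or-update with the values bound as parameters. Python's sqlite3 stands in for the thread's C#/MySQL so the example runs offline; the table and column names come from the thread, while the function names and sample values are constructed.

```python
import sqlite3

def make_db():
    # In-memory stand-in for the anesthpcpref table named in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE anesthpcpref (PCName TEXT PRIMARY KEY, ChangeLog TEXT)")
    return db

def save_concat(db, pc_name, change_log):
    # Statement text built by concatenation with no escaping at all:
    # any ' inside a value ends the string literal early.
    db.execute("INSERT INTO anesthpcpref(PCName,ChangeLog) VALUES ('"
               + pc_name + "','" + change_log + "')")

def save_bound(db, pc_name, change_log):
    # Same insert-or-update flow as the thread's second code block, but the
    # values travel as bound parameters and never become part of the SQL text.
    exists = db.execute("SELECT 1 FROM anesthpcpref WHERE PCName = ?",
                        (pc_name,)).fetchone()
    if exists is None:
        db.execute("INSERT INTO anesthpcpref(PCName,ChangeLog) VALUES (?, ?)",
                   (pc_name, change_log))
    else:
        db.execute("UPDATE anesthpcpref SET ChangeLog = ? WHERE PCName = ?",
                   (change_log, pc_name))

def get_log(db, pc_name):
    row = db.execute("SELECT ChangeLog FROM anesthpcpref WHERE PCName = ?",
                     (pc_name,)).fetchone()
    return row[0] if row else None

def concat_fails(pc_name, change_log):
    # True when the concatenated statement is rejected as malformed SQL.
    try:
        save_concat(make_db(), pc_name, change_log)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    note = "Dr. O'Brien's defaults"           # constructed sample value
    print("concatenation breaks:", concat_fails("OP1", note))
    db = make_db()
    save_bound(db, "OP1", note)                # first call inserts
    save_bound(db, "OP1", note + " (rev 2)")   # second call updates
    print("stored:", get_log(db, "OP1"))
```
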