HtmlEncode and apostrophes

on 31.03.2008 18:47:02 by musoswire

Hi

I'm trying to code up an admin system for my website. A couple of the
welcome text paragraphs are stored in an SQL database, so that we can update
them should we need to. However, even though I'm using the HTMLEncode method
(I've also tried the URLEncode method), the apostrophe always remains, and
then when I try and do the update query, I get...

Unclosed quotation mark after the character string

The SQL is UPDATE StaticPages SET Text = 'blah' WHERE PageID = 'ABOUT'

The code only breaks when the Text variable contains an apostrophe. But, I'm
using an encoding method? Why is the apostrophe not being encoded?

Thanks,


Dan

Re: HtmlEncode and apostrophes

on 31.03.2008 18:51:52 by David Wier

the sql never hits the page, and is not shown - - it's not an HTML/urlEncode
situation - -
you'd need to double the single quotes to get SQL to recognize it, since the
update statement is a string - -
But first - I'd suggest not doing it with concatenation this way - use
parameterized queries:
http://www.aspnet101.com/aspnet101/tutorials.aspx?id=1 (2 part tutorial)


David Wier
http://aspnet101.com
http://iWritePro.com - One click PDF, convert .doc/.rtf/.txt to HTML with no
bloated markup


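
An added example (not posted by anyone in this thread) comparing the concatenated UPDATE from the question, quote doubling, and a parameterized query. It uses Python's built-in sqlite3 as a stand-in for the poster's SQL Server database; the table and column names come from the post, while the helper names and the sample value are constructed.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the StaticPages table named in the post."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE StaticPages (PageID TEXT PRIMARY KEY, Text TEXT)")
    db.execute("INSERT INTO StaticPages VALUES ('ABOUT', 'old text')")
    return db

def update_concat(db, page_id, text):
    """Approach from the question: the value is pasted into the SQL string."""
    sql = ("UPDATE StaticPages SET Text = '" + text +
           "' WHERE PageID = '" + page_id + "'")
    db.execute(sql)

def update_doubled(db, page_id, text):
    """Quote doubling: valid SQL, but every call site has to remember to do it."""
    sql = ("UPDATE StaticPages SET Text = '" + text.replace("'", "''") +
           "' WHERE PageID = '" + page_id.replace("'", "''") + "'")
    db.execute(sql)

def update_param(db, page_id, text):
    """Parameterized: the SQL text is constant; values are bound as data."""
    db.execute("UPDATE StaticPages SET Text = ? WHERE PageID = ?",
               (text, page_id))

def stored_text(db, page_id):
    row = db.execute("SELECT Text FROM StaticPages WHERE PageID = ?",
                     (page_id,)).fetchone()
    return row[0] if row else None

def try_update(update, text):
    """Run one update strategy on a fresh database; return (ok, stored value)."""
    db = make_db()
    try:
        update(db, "ABOUT", text)
        ok = True
    except sqlite3.Error:  # the apostrophe ends the string literal early
        ok = False
    return ok, stored_text(db, "ABOUT")

SAMPLE = "Welcome to Dan's site"  # constructed sample value

if __name__ == "__main__":
    for fn in (update_concat, update_doubled, update_param):
        print(fn.__name__, try_update(fn, SAMPLE))
```

Only the parameterized form keeps the statement text independent of the value, so the stored text round-trips unchanged whatever characters it contains.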

Re: HtmlEncode and apostrophes

on 31.03.2008 19:18:06 by musoswire

Thanks David - Parameterised queries worked first time! A good one to remember!