Escaping the ' character

Post by wjstarck » Fri Jan 07, 2011 8:34 am

How do I escape the ' character in the following code?

string command = "INSERT INTO anesthpcpref(PCName,ChangeLog) VALUES ('" + POut.String(thisPCName) + "','" + POut.String(ChangeLog) + "'" + ")";
DataCore.NonQ(command);

If the ChangeLog string has a ' in it, it's breaking the MySQL query.

Thanks.
Cheers,

Bill Starck, DDS
Big Idea Software, LLC
Developer, EASy(Electronic Anesthesia System) for Open Dental
817-807-1709
TX, USA

Re: Escaping the ' character

Post by wjstarck » Fri Jan 07, 2011 9:35 am

Well, OK, never mind.

The UPDATE statement in this code block had an extra space between the " and the WHERE, which is what was actually breaking the MySQL

if (GetPCName(thisPCName) == "")
{
    string command = "INSERT INTO anesthpcpref(PCName,ChangeLog) VALUES ('" + POut.String(thisPCName) + "','" + POut.String(ChangeLog) + "'" + ")";
    DataCore.NonQ(command);
}
else
{
    string command = "UPDATE anesthpcpref SET ChangeLog = '" + POut.String(ChangeLog) + "'" + " WHERE PCName = '" + POut.String(thisPCName) + "'";
    DataCore.NonQ(command);
}

Cheers,

Bill Starck, DDS
Big Idea Software, LLC
Developer, EASy(Electronic Anesthesia System) for Open Dental
817-807-1709
TX, USA
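
An added example, not part of the original posts or of Open Dental's code: the same insert-or-update on anesthpcpref written with bound parameters, next to a concatenated statement that receives a value with no escaping at all. Python's built-in sqlite3 stands in for MySQL so that it runs without a server; the function names and sample values are constructed for illustration.

```python
import sqlite3

def open_db():
    # In-memory stand-in for the anesthpcpref table named in the post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE anesthpcpref (PCName TEXT PRIMARY KEY, ChangeLog TEXT)")
    return conn

def save_concat(conn, pc_name, change_log):
    # Statement text built by concatenation with NO escaping helper:
    # a ' inside either value ends the string literal early.
    sql = ("INSERT INTO anesthpcpref(PCName,ChangeLog) VALUES ('"
           + pc_name + "','" + change_log + "')")
    conn.execute(sql)

def save_bound(conn, pc_name, change_log):
    # Values travel as bound parameters and never become part of the SQL
    # text, so quotes need no escaping and cannot alter the statement.
    cur = conn.execute(
        "UPDATE anesthpcpref SET ChangeLog = ? WHERE PCName = ?",
        (change_log, pc_name))
    if cur.rowcount == 0:  # no existing row for this PC: insert instead
        conn.execute(
            "INSERT INTO anesthpcpref(PCName,ChangeLog) VALUES (?, ?)",
            (pc_name, change_log))

def get_change_log(conn, pc_name):
    row = conn.execute(
        "SELECT ChangeLog FROM anesthpcpref WHERE PCName = ?",
        (pc_name,)).fetchone()
    return row[0] if row else None

def demo():
    conn = open_db()
    note = "Fixed Dr. O'Brien's template"  # constructed sample value
    try:
        save_concat(conn, "OP-1", note)
        concat_error = None
    except sqlite3.OperationalError as exc:
        concat_error = str(exc)  # parser stops at the text after the stray '
    save_bound(conn, "OP-1", note)                  # takes the INSERT branch
    save_bound(conn, "OP-1", note + "; it's done")  # takes the UPDATE branch
    return concat_error, get_change_log(conn, "OP-1")

if __name__ == "__main__":
    print(demo())
```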
