I follow the syntax of INSERT INTO Table1 VALUES (value1, value2, value3…) This has

Question

0

Asked: May 25, 20262026-05-25T13:01:00+00:00 2026-05-25T13:01:00+00:00

I follow the syntax of INSERT INTO Table1 VALUES (value1, value2, value3…) This has

0

I follow the syntax of

INSERT INTO Table1
VALUES (value1, value2, value3…)

This has worked fine so far. But now I have some values that contain normal English text like “I’m going home”. The ‘ character ruins the SQL command in C#. I have written the following:

command.CommandText = "INSERT INTO Bio VALUES ('" + name + "','"I'm going home" + "');

evaluates to

INSERT INTO Bio VALUES ('Peter','I'm going home')

which obviously will not work. How do I make sure special character will not ruin the SQL statements?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T13:01:00+00:00

Editorial Team

2026-05-25T13:01:00+00:00Added an answer on May 25, 2026 at 1:01 pm

Use SqlParameter for heaven’s sake. Otherwise your program will be vulnerable to SQL Injection. It will also solve your problem with the special characters.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I follow the syntax of INSERT INTO Table1 VALUES (value1, value2, value3…) This has

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply