Member Avatar for sdhawan

HI I ama reading text froma file that have word like "you're" and it gives me Unclosed quotation mark before the character string ') error.Can anyone help me with this .Thanks

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
using GermanDict;
using SimpleFrenchDict;
using System.Web;
using System.Text.RegularExpressions;



 namespace DicttoData
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }




        private void button1_Click(object sender, EventArgs e)
        {
            SqlConnection cn = new SqlConnection(@"Server=208.124.179.197;Database=RTLUser;UID=sa;");
            DataSet CustomersDataSet = new DataSet();
            SqlDataAdapter da = new SqlDataAdapter();
            SqlCommandBuilder cmdBuilder;
            string myString;
            DataSet ds = new DataSet();
            //cn.ConnectionString = "Server=server;Database=RTLUser;UID=sa;";
            cn.Open();
            GermanDict.DictList ins = new GermanDict.DictList();
            
            Hashtable aaa = ins.AllWords;
            StringBuilder insertCommand = new StringBuilder();
            IDictionaryEnumerator en = aaa.GetEnumerator();
            if (aaa.Count > 0)
            {
                
                while (en.MoveNext())
          
                {
                    ArrayList al = (ArrayList)en.Value;
                
                        for (int i = 0; i < al.Count; i++)
                        {

                            myString = @"INSERT INTO germanTbl (word,definition) Values('" + en.Key + "','" + al[i] + "')" ; 
                             SqlCommand myCmd = new SqlCommand(myString,cn);
                             myCmd.ExecuteNonQuery();
                        }
              
                }
                cn.Close();  
            }
            
            
        } 
            
        
    }
}
Edited by kvprajapati because: Added [code] tags. For easy readability, always wrap programming code within posts in [code] (code blocks).
  • 3 Contributors
  • 3 Replies
  • 711 Views
  • 20 Hours Discussion Span
  • Latest Post Latest Post by kvprajapati
kvprajapati commented: Use [code] tags. -2

Recommended Answers

All 3 Replies

Member Avatar for apegram

A) Look into using parameterized queries. Example:

string sql = "Insert Into SomeTable (SomeField) Values (@someField)";
SqlParameter someField = new SqlParameter("@someField", "my value");
SqlCommand command = new SqlCommand(sql, connection);
command.Parameters.Add(someField);

B) or perform some manipulation on the strings before you insert them into your SQL statements. Unescaped apostrophes wreak havoc in SQL and can leave you vulnerable for SQL injection attacks. Replace any single quote with two. Verify your types before you go to the database with them (meaning: if it's supposed to be an integer, don't allow a string, etc.). And never feed your SQL statement after midnight.

Edited by apegram because: n/a
Member Avatar for sdhawan

thanks for the reply .I am using a hashtable as you see and hastable is a reference to a dll file.I cant really change any text in the file.Is there way how i can just ignore one quotaion mark and insert it in database.Thanks

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.