Hi, I am reading text from a file that has words like "you're" and it gives me an "Unclosed quotation mark before the character string ')" error. Can anyone help me with this? Thanks.

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
using GermanDict;
using SimpleFrenchDict;
using System.Web;
using System.Text.RegularExpressions;



namespace DicttoData
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            SqlConnection cn = new SqlConnection(@"Server=208.124.179.197;Database=RTLUser;UID=sa;");
            DataSet CustomersDataSet = new DataSet();
            SqlDataAdapter da = new SqlDataAdapter();
            SqlCommandBuilder cmdBuilder;
            string myString;
            DataSet ds = new DataSet();
            //cn.ConnectionString = "Server=server;Database=RTLUser;UID=sa;";
            cn.Open();
            GermanDict.DictList ins = new GermanDict.DictList();

            Hashtable aaa = ins.AllWords;
            StringBuilder insertCommand = new StringBuilder();
            IDictionaryEnumerator en = aaa.GetEnumerator();
            if (aaa.Count > 0)
            {
                while (en.MoveNext())
                {
                    ArrayList al = (ArrayList)en.Value;

                    for (int i = 0; i < al.Count; i++)
                    {
                        myString = @"INSERT INTO germanTbl (word,definition) Values('" + en.Key + "','" + al[i] + "')";
                        SqlCommand myCmd = new SqlCommand(myString, cn);
                        myCmd.ExecuteNonQuery();
                    }
                }
                cn.Close();
            }
        }
    }
}


A) Look into using parameterized queries. Example:

string sql = "Insert Into SomeTable (SomeField) Values (@someField)";
SqlParameter someField = new SqlParameter("@someField", "my value");
SqlCommand command = new SqlCommand(sql, connection);
command.Parameters.Add(someField);

B) Or perform some manipulation on the strings before you insert them into your SQL statements. Unescaped apostrophes wreak havoc in SQL and can leave you vulnerable to SQL injection attacks. Replace any single quote with two. Verify your types before you go to the database with them (meaning: if it's supposed to be an integer, don't allow a string, etc.). And never feed your SQL statement after midnight.


Thanks for the reply. I am using a Hashtable as you see, and the Hashtable is a reference to a DLL file. I can't really change any text in the file. Is there a way I can just ignore one quotation mark and insert it in the database? Thanks.
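
The parameterized approach from option A, applied to the Hashtable loop in the question (an added example, not code from any poster in this thread): the dictionary data is left untouched, and values containing apostrophes are sent as parameters instead of being spliced into the SQL text. The class and method names, the parameter sizes and the connection string are assumptions or placeholders.

```csharp
using System;
using System.Collections;
using System.Data;
using System.Data.SqlClient;

static class GermanDictLoader
{
    // Inserts every (word, definition) pair. Values travel as parameters,
    // so an apostrophe such as the one in "you're" is stored as-is and
    // never becomes part of the SQL statement text.
    public static int InsertAll(SqlConnection cn, Hashtable allWords)
    {
        const string sql =
            "INSERT INTO germanTbl (word, definition) VALUES (@word, @definition)";
        int rows = 0;
        using (SqlTransaction tx = cn.BeginTransaction())
        using (SqlCommand cmd = new SqlCommand(sql, cn, tx))
        {
            // Assumed column types and sizes; match them to the real germanTbl schema.
            SqlParameter word = cmd.Parameters.Add("@word", SqlDbType.NVarChar, 255);
            SqlParameter definition = cmd.Parameters.Add("@definition", SqlDbType.NVarChar, 4000);

            foreach (DictionaryEntry entry in allWords)
            {
                word.Value = entry.Key.ToString();
                foreach (object item in (ArrayList)entry.Value)
                {
                    definition.Value = item == null ? (object)DBNull.Value : item.ToString();
                    rows += cmd.ExecuteNonQuery();
                }
            }
            tx.Commit(); // disposing the transaction without Commit rolls it back
        }
        return rows;
    }

    static void Main()
    {
        // Constructed sample standing in for GermanDict.DictList.AllWords.
        Hashtable sample = new Hashtable();
        sample["you're"] = new ArrayList { "du bist", "ihr seid ('you are')" };

        // Placeholder connection string; supply your own server and credentials.
        using (SqlConnection cn = new SqlConnection(
            "Server=<server>;Database=<database>;Integrated Security=true;"))
        {
            cn.Open();
            Console.WriteLine(InsertAll(cn, sample) + " rows inserted");
        }
    }
}
```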
