-1

HI I ama reading text froma file that have word like "you're" and it gives me Unclosed quotation mark before the character string ') error.Can anyone help me with this .Thanks

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
using GermanDict;
using SimpleFrenchDict;
using System.Web;
using System.Text.RegularExpressions;



 namespace DicttoData
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }




        private void button1_Click(object sender, EventArgs e)
        {
            SqlConnection cn = new SqlConnection(@"Server=208.124.179.197;Database=RTLUser;UID=sa;");
            DataSet CustomersDataSet = new DataSet();
            SqlDataAdapter da = new SqlDataAdapter();
            SqlCommandBuilder cmdBuilder;
            string myString;
            DataSet ds = new DataSet();
            //cn.ConnectionString = "Server=server;Database=RTLUser;UID=sa;";
            cn.Open();
            GermanDict.DictList ins = new GermanDict.DictList();
            
            Hashtable aaa = ins.AllWords;
            StringBuilder insertCommand = new StringBuilder();
            IDictionaryEnumerator en = aaa.GetEnumerator();
            if (aaa.Count > 0)
            {
                
                while (en.MoveNext())
          
                {
                    ArrayList al = (ArrayList)en.Value;
                
                        for (int i = 0; i < al.Count; i++)
                        {

                            myString = @"INSERT INTO germanTbl (word,definition) Values('" + en.Key + "','" + al[i] + "')" ; 
                             SqlCommand myCmd = new SqlCommand(myString,cn);
                             myCmd.ExecuteNonQuery();
                        }
              
                }
                cn.Close();  
            }
            
            
        } 
            
        
    }
}

Edited by __avd: Added [code] tags. For easy readability, always wrap programming code within posts in [code] (code blocks).

Votes + Comments
Use [code] tags.
3
Contributors
3
Replies
4
Views
7 Years
Discussion Span
Last Post by __avd
0

A) Look into using parameterized queries. Example:

string sql = "Insert Into SomeTable (SomeField) Values (@someField)";
SqlParameter someField = new SqlParameter("@someField", "my value");
SqlCommand command = new SqlCommand(sql, connection);
command.Parameters.Add(someField);

B) or perform some manipulation on the strings before you insert them into your SQL statements. Unescaped apostrophes wreak havoc in SQL and can leave you vulnerable for SQL injection attacks. Replace any single quote with two. Verify your types before you go to the database with them (meaning: if it's supposed to be an integer, don't allow a string, etc.). And never feed your SQL statement after midnight.

Edited by apegram: n/a

0

thanks for the reply .I am using a hashtable as you see and hastable is a reference to a dll file.I cant really change any text in the file.Is there way how i can just ignore one quotaion mark and insert it in database.Thanks

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.