HI I ama reading text froma file that have word like "you're" and it gives me Unclosed quotation mark before the character string ') error.Can anyone help me with this .Thanks

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
using GermanDict;
using SimpleFrenchDict;
using System.Web;
using System.Text.RegularExpressions;

 namespace DicttoData
    public partial class Form1 : Form
        public Form1()

        private void button1_Click(object sender, EventArgs e)
            SqlConnection cn = new SqlConnection(@"Server=;Database=RTLUser;UID=sa;");
            DataSet CustomersDataSet = new DataSet();
            SqlDataAdapter da = new SqlDataAdapter();
            SqlCommandBuilder cmdBuilder;
            string myString;
            DataSet ds = new DataSet();
            //cn.ConnectionString = "Server=server;Database=RTLUser;UID=sa;";
            GermanDict.DictList ins = new GermanDict.DictList();
            Hashtable aaa = ins.AllWords;
            StringBuilder insertCommand = new StringBuilder();
            IDictionaryEnumerator en = aaa.GetEnumerator();
            if (aaa.Count > 0)
                while (en.MoveNext())
                    ArrayList al = (ArrayList)en.Value;
                        for (int i = 0; i < al.Count; i++)

                            myString = @"INSERT INTO germanTbl (word,definition) Values('" + en.Key + "','" + al[i] + "')" ; 
                             SqlCommand myCmd = new SqlCommand(myString,cn);
kvprajapati commented: Use [code] tags. -2

A) Look into using parameterized queries. Example:

string sql = "Insert Into SomeTable (SomeField) Values (@someField)";
SqlParameter someField = new SqlParameter("@someField", "my value");
SqlCommand command = new SqlCommand(sql, connection);

B) or perform some manipulation on the strings before you insert them into your SQL statements. Unescaped apostrophes wreak havoc in SQL and can leave you vulnerable for SQL injection attacks. Replace any single quote with two. Verify your types before you go to the database with them (meaning: if it's supposed to be an integer, don't allow a string, etc.). And never feed your SQL statement after midnight.

thanks for the reply .I am using a hashtable as you see and hastable is a reference to a dll file.I cant really change any text in the file.Is there way how i can just ignore one quotaion mark and insert it in database.Thanks

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.