单引号在字符串插入数据库期间转义 [英] single quotes escape during string insertion into a database

问题描述

使用'时，插入失败。
示例字符串是：他是一个男孩。
我尝试使用转义符跳过'，但我认为这不是正确的方法。

Insertion fails when "'" is used. example string is: He's is a boy. I've attempted to skip the "'" using an escape symbol , but I believe this is not the right way.

textBox3.Text.Replace("'", " \'");
string sql= "insert into gtable (1text,1memo) values ('"+textBox3.Text+"',null)";
        OleDbCommand cmd = new OleDbCommand(sql, con);

        con.Open();
        cmd.ExecuteNonQuery();
        con.Close();

我可以用`替换`，但这会改变db。

I did have the option of replacing "'" with "`" but this changes the text in the db as well. I wish to retain "'" as the same , and also insert it into the db.

推荐答案

尝试

string sql= "insert into gtable (1text, 1memo) " + 
            "values ('" + textBox3.Text.Replace("'", "''") + "', null)";

这篇关于单引号在字符串插入数据库期间转义的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！