Hey guys, basically I am inserting data into a database using input from text boxes.
1. Values from text boxes are read into string variables
2. Concatenate the SQL update query
string strSQL = "UPDATE Food SET Food_Name = '" + Food_Name + "', Food_Brand = '" + Food_Brand + "', Image ='" + Image + "', Food_Description='" + Food_Description + "', Weight='" + Weight + "', Food_Price='" + Food_Price + "', Stock='" + Stock + "', Fat_Content='" + Fat_Content + "', Expiry_Date='" + Expiry_Date + "', Servings='" + Servings + "' WHERE barcode_number = '" + barcode_number + "'";
Problem is – as the image variable contains parenthesis (<img src="hello.jpg">), when the code runs it stops at the first ". E.g. so it's running Update food set... image=' "
Basically I just want to figure out how to escape the " from the variable but have had no luck with Google. I've read about string literals (@) but have no idea how to apply it to this situation.
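
An added example, not part of the original post: the same UPDATE written with parameters, assuming SQL Server through System.Data.SqlClient and text columns throughout. The values are sent as data instead of being spliced into the SQL text, so quotes inside Image need no escaping and cannot change the statement; FoodUpdate, Build and Execute are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class FoodUpdate
{
    // The SQL text is a constant; user input never becomes part of it.
    const string Sql =
        "UPDATE Food SET Food_Name = @Food_Name, Food_Brand = @Food_Brand, " +
        "Image = @Image, Food_Description = @Food_Description, Weight = @Weight, " +
        "Food_Price = @Food_Price, Stock = @Stock, Fat_Content = @Fat_Content, " +
        "Expiry_Date = @Expiry_Date, Servings = @Servings " +
        "WHERE barcode_number = @barcode_number";

    // Hypothetical helper: binds each text-box value to its placeholder.
    // NVarChar for every column is an assumption; match the real column types.
    public static SqlCommand Build(IDictionary<string, string> values)
    {
        var cmd = new SqlCommand(Sql);
        foreach (var pair in values)
            cmd.Parameters.Add("@" + pair.Key, SqlDbType.NVarChar).Value =
                (object)pair.Value ?? DBNull.Value;
        return cmd;
    }

    // Hypothetical helper: runs the update with a caller-supplied connection string.
    public static int Execute(string connectionString, IDictionary<string, string> values)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = Build(values))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows updated
        }
    }

    static void Main()
    {
        // Constructed sample input standing in for the text boxes.
        var values = new Dictionary<string, string>();
        foreach (var name in new[] { "Food_Name", "Food_Brand", "Food_Description",
                 "Weight", "Food_Price", "Stock", "Fat_Content", "Expiry_Date",
                 "Servings", "barcode_number" })
            values[name] = "sample";
        values["Image"] = "<img src=\"hello.jpg\" title='today's special'>";

        // No database needed to inspect the result: the value is stored untouched.
        using (var cmd = Build(values))
            Console.WriteLine(cmd.Parameters["@Image"].Value);
    }
}
```

Main only builds the command and prints the bound Image value; call Execute with a real connection string to run the update.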