E J Chathuranga E J Chathuranga - 4 days ago 4
C# Question

how to add single quotation as a string in a query?

I'm trying to get file destination path using a text box and pass it into the database.(Developing in Visual Studio) When the query is running below error is displayed....

enter image description here

The method

updateClark
in the
user
class is shown below

public void updateClark(string _cid, string _path)
{
SqlCommand cmd = new SqlCommand(@"UPDATE tbl_Path SET folder_path='" + _path + "' WHERE clark_id='" + _cid + "'", ConnectionDB.connection());
cmd.ExecuteNonQuery();
}


What I missed in my code?

Answer

Now that you edited your question to include the actual relevant code, you should do something like this:

public void updateClark(string _cid, string _path)
{
    string command = "UPDATE tbl_Path SET folder_path=@folderPath WHERE clark_id=@clarkId";

    using (SqlCommand cmd = new SqlCommand(command, ConnectionDB.connection()))
    {
       cmd.Parameters.AddWithValue("folderPath", _path);
       cmd.Parameters.AddWithValue("clarkId", _cid);
       cmd.ExecuteNonQuery();
    }
}