Use parameterized queries.

Code:
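' Assumes SqlCommand is an existing System.Data.SqlClient.SqlCommand instance on an open connection
Dim ID As Integer = 15
Dim MyName As String = "O'Riely"
' @MN and @ID are placeholders; the values are sent separately from the SQL text
SqlCommand.CommandText = "UPDATE TABLE SET MyName=@MN WHERE ID=@ID"
SqlCommand.Parameters.AddWithValue("@MN", MyName)
SqlCommand.Parameters.AddWithValue("@ID", ID)
SqlCommand.ExecuteNonQuery()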