ASP - how to remove single quote from user input text
answer = Request.Form("Text" & i)
In a form a user inputs random text which is inserted into a database. Currently if the user puts in single quotes it creates an error. How do I remove just single quotes ' from the user's answer?
Use
answer.Replace("\'", "");
The above will replace the Single quote.
The right way to solve this problem is to use parameters when inserting into the database. Instead of:
SqlCommand cmd = new SqlCommand("INSERT INTO TABLE VALUES ('" + answer + "')");
use
SqlCommand cmd = new SqlCommand("INSERT INTO TABLE VALUES (@answer)");
cmd.Parameters.AddWithValue("@answer", answer); // bind the value to the @answer placeholder
answer was to use ... Replace(answer, "'", "")
' are escaped by doubling, i.e. replacing ' with 2 x ', for example "Ralph''s".
However you are far better off using parametrized statements with command objects which will take care of that for you.
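The parameterized command object mentioned in the answers, written for classic ASP as an added example (not code from any of the posters). The connection string location, the Answers table, the AnswerText column, the 4000-character limit and the field count are assumptions.

```vbscript
<%
' Added example. Assumed names: Application("connString"), Answers, AnswerText, fieldCount.
' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adVarWChar = 202
Const adParamInput = 1
Const adExecuteNoRecords = 128

Dim conn, cmd, i, answer, fieldCount
fieldCount = 5                        ' assumed number of Text1..TextN inputs on the form

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("connString")  ' assumed: connection string kept in Application scope

' Build the command once; the ? placeholder is filled from the parameter, never by
' string concatenation, so the SQL text is fixed before any user input is seen.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "INSERT INTO Answers (AnswerText) VALUES (?)"
cmd.Parameters.Append cmd.CreateParameter("answer", adVarWChar, adParamInput, 4000)

For i = 1 To fieldCount
    ' & "" coerces a missing field to an empty string
    answer = Request.Form("Text" & i) & ""
    ' Keep the value within the declared parameter size
    If Len(answer) > 4000 Then answer = Left(answer, 4000)

    ' The value travels as data: "Ralph's" is stored with its quote intact
    ' and cannot terminate the string literal or change the statement.
    cmd.Parameters("answer").Value = answer
    cmd.Execute , , adExecuteNoRecords
Next

Set cmd = Nothing
conn.Close
Set conn = Nothing
%>
```

Because the quote is never part of the SQL text, no Replace call is needed and the user's input is stored exactly as typed.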