Incorrect syntax near ''. Unclosed quotation mark after the character string ' '

Question

I\'m just wondering if someone could point me in the right direction here, I think i\'ve been looking at it for too long so can\'t see the mistake.

The following code:

Answer 1

Indeed Parameterized SQL is safer - I use it as well:

string mySqlStmt = "UPDATE tbSystem SET systemCode_str = @systemCode_str, systemName_str = @systemName_str";

            using (var conn = new SqlConnection(myConnStr))
            using (var command = new SqlCommand(mySqlStmt, conn)
            {

                CommandType = CommandType.Text

            })
            {
                //add your parameters here - to avoid SQL injection
                command.Parameters.Add(new SqlParameter("@systemCode_str", "ABZ"));
                command.Parameters.Add(new SqlParameter("@systemName_str", "Chagbert's Shopping Complex"));

                //now execute SQL
                conn.Open();
                command.ExecuteNonQuery();
                conn.Close();
            }

You will note that with parameterized SQL I do not have to worry about quotation marks in my values as in the quotation " ' " in "Chagbert's Shoppin..." above