c# multi line strings allowing variable calling

Question

I have googled but cannot find an answer for this question:

I know about multi-line strings in c#. But how can I create a string like:

string temp = @"DECLARE @rolename varchar(max)
SET @rolename ='***' 
EXEC sp_addrolemember N'db_execute',@rolename"

* represents there I have to delcare a variable having some value like (object.variable).

Is this possible??

Answer 1

You could use string.Format:

string temp = @"DECLARE @rolename varchar(max)
SET @rolename ='{0}' 
EXEC sp_addrolemember N'db_execute',@rolename";

string result = string.Format(temp, object.variable);

Note that you are open for sql-injection attacks if object.variable is (or might be in future) a user defined variable.

Answer 2

Yes its possible:

string temp = string.Format(@"DECLARE @rolename varchar(max)
SET @rolename ='{0}' 
EXEC sp_addrolemember N'db_execute',@rolename", variable);

Answer 3

.NET supports multi-line strings, sure. The @"..." syntax is just a shortcut to make it easier in the language. However, in your specific example you should not try to concatenate the value in: that entire example should be done via parameters:

cmd.CommandText = "EXEC sp_addrolemember N'db_execute',@rolename";
cmd.Parameters.AddWithValue("rolename", yourRoleName);

Update: checking msdn, the second parameter is actually the member-name, but you might also be able to use:

cmd.CommandText = "sp_addrolemember";
cmd.CommantType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("rolename", "db_execute");
cmd.Parameters.AddWithValue("membername", yourMemberName);

Answer 4

Use string.Format method:

string temp = string.Format(@"DECLARE @rolename varchar(max)
SET @rolename ='{0}' 
EXEC sp_addrolemember N'db_execute',@rolename", variable);