Reputation: 1219
In C#: I need to create an Oracle query string like this:
string orQr = @"
SELECT ""Date"", ""Key""
FROM TBL
";
I need to do it dynamically. But there is a problem with escaping double-double quotes.
How to do that? This is a little mad ;-) and doesn't work:
string quotes = @"""""";
string subSlct = quotes + "Date" + quotes + ", " + quotes + "Key" + quotes;
string orQrB = @"
SELECT " + subSlct + @"
FROM TBL
";
(the result is: SELECT \"\"Date\"\", \"\"Key\"\"\ FROM TBL )
Upvotes: 1
Views: 1794
Reputation: 68660
Your quotes variable is adding two double quotes, instead of one. Change this:
string quotes = @"""""";
to this:
string quotes = @"""";
Also:
There's nothing wrong with string.Format("SELECT \"{0}\", \"{1}\" FROM TBL", a, b);
Your code is susceptible to SQL injection.
In general, you'd want to use parameterized queries, but since these don't allow parameterized column names, you'll want to at the very least sanitize the input yourself and check for illegal characters (e.g., ;, --).
Upvotes: 4
Reputation: 6617
Don't construct your query by string concatenation. You open yourself to SQL injection attacks. Use parameterized queries and you will also be able to include the quotes more easily.
Upvotes: 2
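An added example (not code from the question or from either answer) that combines the advice of both answers: the requested column names are checked against an allow-list and emitted as Oracle quoted identifiers (one literal double quote, any embedded quote doubled), while the filter value is passed as a bind variable rather than concatenated. It assumes the ODP.NET managed driver (Oracle.ManagedDataAccess.Client); the TBL table, the allow-listed column names and the WHERE clause on "Key" are illustrative.

```csharp
using System;
using System.Collections.Generic;
using Oracle.ManagedDataAccess.Client; // assumption: ODP.NET managed driver

static class SafeOracleSelect
{
    // Only columns the application itself knows about may be selected.
    // Anything not in this set is rejected before it reaches the SQL text.
    static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.Ordinal) { "Date", "Key", "Value" };

    // Oracle quoted identifier: wrap in double quotes and double any embedded
    // double quote. In a verbatim @"..." string one literal quote is written "";
    // in a regular string it is \".
    public static string QuoteIdentifier(string name)
    {
        if (string.IsNullOrEmpty(name))
            throw new ArgumentException("Identifier must not be empty", nameof(name));
        return "\"" + name.Replace("\"", "\"\"") + "\"";
    }

    // Builds: SELECT "Col1", "Col2" FROM TBL WHERE "Key" = :key
    // Column names are structural SQL and cannot be bind variables, so they are
    // allow-listed and quoted; the comparison value is left to a bind variable.
    public static string BuildSelect(IEnumerable<string> columns)
    {
        var quoted = new List<string>();
        foreach (string col in columns)
        {
            if (!AllowedColumns.Contains(col))
                throw new ArgumentException("Column not permitted: " + col);
            quoted.Add(QuoteIdentifier(col));
        }
        if (quoted.Count == 0)
            throw new ArgumentException("At least one column is required");

        return "SELECT " + string.Join(", ", quoted) + " FROM TBL WHERE \"Key\" = :key";
    }

    // keyValue is user-controlled data: it travels as a parameter, never as text.
    public static OracleCommand CreateCommand(OracleConnection conn,
                                              IEnumerable<string> columns,
                                              string keyValue)
    {
        OracleCommand cmd = conn.CreateCommand();
        cmd.CommandText = BuildSelect(columns);
        cmd.Parameters.Add(new OracleParameter("key", OracleDbType.Varchar2) { Value = keyValue });
        return cmd;
    }
}
```

Calling BuildSelect(new[] { "Date", "Key" }) produces the quoted column list the question asks for, and a name such as "Key\"; DROP TABLE TBL--" is refused by the allow-list check rather than being interpreted as SQL.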