I recently looked through some old code for a database access layer. I found some inline queries of the following form:
string query = "SELECT COL1 FROM TABLE1 WHERE COL3 = " + colvalue + "";
I was wondering why the developer had appended the query with double quotes at the end. Is this convention or does it have any significance?
Upvotes: 0
Views: 94
Reputation: 1550
Seems like there was some extra query between the "", like a where clause etc. However, it does not affect the functionality.
It is always a good practice to use parameters for this kind of work.
Upvotes: 0
Reputation: 196
It doesn't make any difference at all...
Neither does it help to prevent SQL injection.
Use command parameters or stored procedures to prevent SQL injection.
Upvotes: 2
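Both answers point at the same two things: the trailing "" is a no-op, and the concatenation itself is what needs fixing. The following is an added example, not code from the question or from either answer. The question's code is C#; this uses Python with the standard-library sqlite3 module so it runs offline, and the contents of TABLE1 are constructed here for the demonstration. It shows that the trailing "" changes nothing in the query text, that the concatenated form lets an input value become part of the SQL statement, and that a bound parameter keeps the same value as data.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for TABLE1 from the question.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TABLE1 (COL1 TEXT, COL3 INTEGER)")
    conn.executemany(
        "INSERT INTO TABLE1 VALUES (?, ?)",
        [("alpha", 1), ("beta", 2), ("gamma", 3)],
    )
    return conn


def build_concatenated(colvalue):
    # Mirrors the question's C# line. The trailing + "" appends an empty
    # string, so the resulting SQL text is identical without it.
    return "SELECT COL1 FROM TABLE1 WHERE COL3 = " + str(colvalue) + ""


def query_concatenated(conn, colvalue):
    # Vulnerable form: whatever colvalue contains is pasted into the SQL
    # text and parsed as part of the statement, not compared as a value.
    return [row[0] for row in conn.execute(build_concatenated(colvalue))]


def query_parameterized(conn, colvalue):
    # Safe form: the driver binds colvalue as a value for the ? placeholder.
    # The statement text is fixed, so the value can never change its shape.
    sql = "SELECT COL1 FROM TABLE1 WHERE COL3 = ?"
    return [row[0] for row in conn.execute(sql, (colvalue,))]


if __name__ == "__main__":
    conn = make_db()
    # A constructed input that is valid SQL rather than a plain number.
    malformed = "1 OR 1=1"
    print(build_concatenated(2))
    print("concatenated, normal input:   ", query_concatenated(conn, 2))
    print("concatenated, malformed input:", query_concatenated(conn, malformed))
    print("parameterized, normal input:  ", query_parameterized(conn, 2))
    print("parameterized, malformed input:", query_parameterized(conn, malformed))
```

With the concatenated query the malformed input returns every row, because the WHERE clause has been rewritten; with the bound parameter the same input matches nothing, because it is compared against COL3 as a value. The ADO.NET equivalent of the ? placeholder is a named placeholder such as @colvalue in the command text plus a matching entry added to SqlCommand.Parameters, which is what the second answer means by command parameters.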