Reputation: 6085
Escape quote in web.config connection string
I have a connection string in my web config:
<add name="MyConString" connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass"word" providerName="System.Data.SqlClient" />
As you see, there is a quotation sign ( " ) in the password (given from other dept. I can't change this db users password).
How do I have to escape the quote in this connection string?
Btw: I already tried & quot; in the string. That didn't work - ado.net got an ArgumenException then: "Format of the initialization string does not conform to specification starting at index 57." 57 is where the & quot; is in my connection string. I also tried enclosing the password part in ' - didn't work either.
Also tried "" and \" - web.config can't be parsed then.
Thanks for the solution:
I had to combine the escaping of the double quote and putting the password in single quotes:
<add name="MyConString" connectionString="Server=dbsrv;User ID=myDbUser;Password='somepass"word'" providerName="System.Data.SqlClient" />
Upvotes: 101
Views: 135098
Answers (3)
Reputation: 12731
connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass"word"
Since the web.config is XML, you need to escape the five special characters:
& -> & ampersand, U+0026
< -> < left angle bracket, less-than sign, U+003C
> -> > right angle bracket, greater-than sign, U+003E
" -> " quotation mark, U+0022
' -> ' apostrophe, U+0027
+ is not a problem, I suppose.
Duc Filan adds:
You should also wrap your password with single quote ':
connectionString="Server=dbsrv;User ID=myDbUser;Password='somepass"word'"
Upvotes: 76
Reputation: 186
Odeds answer is almost complete. Just one thing to add.
- Escape xml special chars like Emanuele Greco said.
- Put the password in single quotes like Oded said
- (this one is new) Escape single ticks with another single tick (ref)
having this password="'; this sould be a valid connection string:
connectionString='Server=dbsrv;User ID=myDbUser;Password='"&&;'
Upvotes: 1
Reputation: 499252
Use " instead of " to escape it.
web.config is an XML file so you should use XML escaping.
connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass"word"
See this forum thread.
Update:
" should work, but as it doesn't, have you tried some of the other string escape sequences for .NET? \" and ""?
Update 2:
Try single quotes for the connectionString:
connectionString='Server=dbsrv;User ID=myDbUser;Password=somepass"word'
Or:
connectionString='Server=dbsrv;User ID=myDbUser;Password=somepass"word'
Update 3:
From MSDN (SqlConnection.ConnectionString Property):
To include values that contain a semicolon, single-quote character, or double-quote character, the value must be enclosed in double quotation marks. If the value contains both a semicolon and a double-quote character, the value can be enclosed in single quotation marks.
So:
connectionString="Server=dbsrv;User ID=myDbUser;Password='somepass"word'"
The issue is not with web.config, but the format of the connection string. In a connection string, if you have a " in a value (of the key-value pair), you need to enclose the value in '. So, while Password=somepass"word does not work, Password='somepass"word' does.
Upvotes: 121
Related Questions
- Escaping double quotes in connection string in appsettings.json
- Connection string with ASP.Net
- How to escape an '&' in the password of a connection string
- Using connection string from web.config
- Missing required whitespace from connection string in Web.config
- escape quotes and @ in web.configs
- connection string from web.config fails where identical hard-coded string succeeds (ASP.NET with C#)
- double quotes inside double quotes
- including a connection string generates error in asp.net site
- web.config and quotes in connectionStrings