Greg

Reputation: 33

Error in datatable select statement in c#

I have a SELECT statement I'm running on a data table. The problem is that it gives me the error "the expression contains an invalid string constant". I know it has to do with the single quote at the end of my query, but I cannot think of why it's not working. Here is the code:

DataRow[] foundRow = dt.Select("Student='" + Student.ID + "' AND [Student Description]='" + Student.AbsenceDescription.Trim() + "'");

Upvotes: 1

Views: 2595

Answers (1)

Wolfwyrd

Reputation: 15906

This looks like a classic SQL injection problem. What if the description contains a single apostrophe, i.e. "Wasn't available"? This will break your code. In addition, if Student is an integer value (i.e. it is an integer/auto-incrementing ID or equivalent in your DB) it should not be wrapped in quotes, giving you:

DataRow[] foundRow = dt.Select("Student=" + Student.ID + " AND [Student Description]='" + Student.AbsenceDescription.Trim() + "'");

Upvotes: 4
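The apostrophe problem the answer describes, shown end to end as an added example (not code from the question or answer). It builds a constructed DataTable with the question's two column names, shows the unescaped filter being rejected, and then applies the escaping rule DataTable.Select actually uses: an apostrophe inside a string constant is written as two apostrophes. The EscapeForSelect helper and the sample rows are assumptions made for the demo.

```csharp
using System;
using System.Data;

// Added example, not from the question or answer. Constructed sample table;
// column names match the question's Select expression.
class SelectEscapeDemo
{
    // DataColumn.Expression syntax escapes an apostrophe inside a string
    // constant by doubling it, so "Wasn't" must appear as 'Wasn''t'.
    static string EscapeForSelect(string value) => value.Replace("'", "''");

    static DataTable BuildTable()
    {
        var dt = new DataTable();
        dt.Columns.Add("Student", typeof(int));              // integer ID: no quotes in the filter
        dt.Columns.Add("Student Description", typeof(string)); // space in name: needs [brackets]
        dt.Rows.Add(7, "Wasn't available");                    // constructed row
        dt.Rows.Add(8, "Sick");                                // constructed row
        return dt;
    }

    static void Main()
    {
        DataTable dt = BuildTable();
        int id = 7;
        string description = " Wasn't available ".Trim();

        // Plain concatenation, as in the question: the apostrophe in the
        // description terminates the string constant early and parsing fails.
        try
        {
            dt.Select("Student=" + id + " AND [Student Description]='" + description + "'");
            Console.WriteLine("unexpected: unescaped filter parsed");
        }
        catch (DataException ex)
        {
            Console.WriteLine("unescaped filter rejected: " + ex.Message);
        }

        // Escaped version: the doubled apostrophe is read as one literal apostrophe.
        string filter = "Student=" + id + " AND [Student Description]='"
                        + EscapeForSelect(description) + "'";
        DataRow[] found = dt.Select(filter);
        Console.WriteLine(filter);
        Console.WriteLine("rows matched: " + found.Length);
    }
}
```

The same escaping must be applied to every user-supplied string that is spliced into a filter expression, not only the description column.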
