CODEWITHSUNDEEP
c#stringconcatenation
Brendan
Brendan

Reputation: 13

C# newbie string concatenation question

I have the following code in a project I'm working on: 

foreach(DataTable myTable in myDataSet.Tables)
{
string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = "'" + myTable.TableName + "'"
MessageBox.Show(sSQL);
}

For some reason, the second apostrophe (') is not getting added to the string. In fact, anything I try to append after myTable.TableName, doesn't get appended. If I replace myTable.TableName with the name of a table, it works! If I use a variable, and set that to a table name, it works too!

Can anyone tell me what I'm doing wrong here?

Thanks for any information!

Upvotes: 0

Views: 224

Answers (10)

Scott Munro
Scott Munro

Reputation: 13576

Try this.

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'";

Upvotes: 0

Paulo Santos
Paulo Santos

Reputation: 11567

In my opinion, you should avoid building concatenated SQL strings in your code. It's simply evil doing things like that.

However, if you must, try something like this:

foreach(DataTable myTable in myDataSet.Tables)
{
    string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + 
                       myTable.TableName.Replace("'", "''") + "'";
    MessageBox.Show(sSQL);
}

Upvotes: 0

Mike Richards
Mike Richards

Reputation: 5667

Others have answered this, but on top of those answers, for this it's easier to use string.Format

var sSQL = string.Format("Select 'Name' FROM _Columns WHERE 'Table' = '{0}'", myTable.TableName);

Upvotes: 0

Antony Scott
Antony Scott

Reputation: 21998

it's not being added because you're ending the string just before it.

take a look at string.Format as an alternative way of constructing strings.

as other(s) have said tat code shouldn't even compile.

Upvotes: 0

Nathan Ratcliff
Nathan Ratcliff

Reputation: 1502

Too many double quotes.

You might try this for easier reading:

string sSQL = string.Format("SELECT `Name` FROM _Columns WHERE `Table` = '{0}'", myTable.TableName)

Should accomplish the same thing.

Upvotes: 0

Guffa
Guffa

Reputation: 700222

That won't even compile, you are ending the string before the first apostrophe.

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'"

Upvotes: 2

zellio
zellio

Reputation: 32484

you have one too many "

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = "'" + myTable.TableName + "'"

should be

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'"

Also why aren't you using an entity framework like LINQ?

Upvotes: 1

sternr
sternr

Reputation: 6506

To put a " inside a string you need to add an escape char before: \"

Upvotes: 1

Yahia
Yahia

Reputation: 70369

try

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'";

BEWARE that this code is wide open to SQL injection which is a massive security problem...
Better use Queries with parameters instead!

Upvotes: 1

Nahydrin
Nahydrin

Reputation: 13507

Your string should look like this:

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'";

Upvotes: 0

Related Questions