DataTable DataRow Select String with Quotation Marks

My string includes a quotation mark; the select statement crashes.

vm_TEXT_string = "Hello 'French' People";
vm_DataTable_SELECT_string = "[MyField] = '" + vm_TEXT_string + "'";
DataRow[] o_DataRow_ARRAY_Found = vco_DataTable.Select (vm_DataTable_SELECT_string);

I cannot use this statement: string filter = "[MyColumn]" + " LIKE '%" + SearchWord + "%'";

I found string format:

DataRow[] oDataRow = oDataSet.Tables["HasDiseas"].Select ( string.Format ( "DName='{0}'", DiseasListBox.SelectedItem.ToString () ) );

Any suggestions to select a string with a quotation mark?

Thank you, Rune


For a DataTable, you can replace the single quotation mark with two quotation marks:

string.Format("DName='{0}'", DiseasListBox.SelectedItem.ToString().Replace("'", "''"))

But keep in mind that you should not do this with actual SQL queries. It's possible for crackers to abuse that technique to send undesirable queries to your database.

Another option is to do something like this:

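// Requires System.Linq and System.Data.DataSetExtensions (AsEnumerable, Field<T>).
IEnumerable<DataRow> rows = oDataSet.Tables["HasDiseas"].AsEnumerable().Where(r => r.Field<string>("DName") == DiseasListBox.SelectedItem.ToString());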


This depends on your database engine, but generally, you can escape the single quote (') with two single quotes ('').

Although, the best way to do it is to use a parametrized query, which will do the special character escaping for you.
