Escape single quote in adhoc query
I have the following query:
MySqlCommand command = new MySqlCommand(
@"SELECT `Customer ID`, `First Name`, `Last Name`, `Role`
FROM `Contacts` WHERE `Customer ID` = '" + customerID + "'", connection);
If a customer ID has an apostrophe within it (e.g. Adam's Meat), I get the error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Meat'' at line 1
What is the best way to make this query work?
You should use parameters instead; this way you also prevent SQL injection:
// The SQL text is fixed; the value is supplied separately as a named parameter.
MySqlCommand command = new MySqlCommand(@"SELECT `Customer ID`, `First Name`, `Last Name`, `Role` FROM `Contacts` WHERE `Customer ID` = ?CustomerID", connection);
// The parameter name must match the placeholder in the SQL exactly.
command.Parameters.AddWithValue("?CustomerID", customerID);
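The two patterns side by side, as an added example that is not part of the question or the answer. It uses Python's built-in sqlite3 module with an in-memory database so it runs without a MySQL server, but the mechanism is the same one the answer relies on in Connector/NET: the SQL text stays fixed and the driver binds the value separately, so an apostrophe in the value can only ever be compared as data. The table and rows are constructed for the example; the column names follow the question.

```python
import sqlite3

# Constructed sample rows standing in for the Contacts table from the question.
CONTACTS = [
    ("Adam's Meat", "Adam", "Smith", "Owner"),
    ("Bob's Bakery", "Bob", "Jones", "Manager"),
    ("Carol Co", "Carol", "White", "Clerk"),
]


def make_db():
    """In-memory SQLite database with the same column names as the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        'CREATE TABLE "Contacts" ('
        '"Customer ID" TEXT, "First Name" TEXT, "Last Name" TEXT, "Role" TEXT)'
    )
    conn.executemany('INSERT INTO "Contacts" VALUES (?, ?, ?, ?)', CONTACTS)
    return conn


def lookup_concatenated(conn, customer_id):
    """The pattern from the question: the value is spliced into the SQL text.
    An apostrophe in the value closes the string literal early, so the rest of
    the value is parsed as SQL and the statement is no longer valid."""
    sql = (
        'SELECT "Customer ID", "First Name", "Last Name", "Role" '
        'FROM "Contacts" WHERE "Customer ID" = \'' + customer_id + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, customer_id):
    """The pattern from the answer: the SQL text is fixed and the value is
    bound as a parameter. No escaping is needed and the value is never
    interpreted as SQL, whatever characters it contains."""
    sql = (
        'SELECT "Customer ID", "First Name", "Last Name", "Role" '
        'FROM "Contacts" WHERE "Customer ID" = ?'
    )
    return conn.execute(sql, (customer_id,)).fetchall()


def compare(customer_id):
    """Run both variants against a fresh database and return, per variant,
    either the matching rows or the name of the exception that was raised."""
    conn = make_db()
    results = {}
    for name, fn in (("concatenated", lookup_concatenated),
                     ("parameterized", lookup_parameterized)):
        try:
            results[name] = fn(conn, customer_id)
        except sqlite3.Error as exc:
            results[name] = type(exc).__name__
    conn.close()
    return results


if __name__ == "__main__":
    for cid in ("Carol Co", "Adam's Meat", "O'Brien"):
        print(cid, "->", compare(cid))
```

For an ID without an apostrophe both variants agree; for `Adam's Meat` the concatenated query fails to parse, which is the same failure the question reports from MySQL, while the parameterized query returns the row. `O'Brien` shows the parameterized lookup simply returning no rows when the value does not match, rather than erroring.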