?
Solved

String and Quotes in them

Posted on 2006-11-19
3
Medium Priority
?
236 Views
Last Modified: 2010-04-16
I have the following SELECT Statement.

dbcommand.CommandText = "SELECT * FROM tblUsers WHERE Username=" + uname;

However, in order for it to work properly I have to put quotes around the reseult of the pased uname variable.  How do I do this in C#.

So if uname was passed as Mike, the SELECT statment would need to be SELECT * FROM tblUsers WHERE Username="Mike"
I can not get the quotes around the name.

Thanks
0
Comment
Question by:sneeri_c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 70

Accepted Solution

by:
Éric Moreau earned 500 total points
ID: 17975350
Hi sneeri_c,

dbcommand.CommandText = "SELECT * FROM tblUsers WHERE Username= '" + uname + "'";


Cheers!
0
 
LVL 30

Expert Comment

by:anarki_jimbel
ID: 17975790
Just to add to emoreau (that's completely right):

usually single quotes are used and the way is shown above. If you need double quotes on some a reason use escape chars:

"SELECT * FROM tblUsers WHERE Username=\"" + uname + "\"";
0
 
LVL 12

Expert Comment

by:andrewjb
ID: 17977970
Of course, this is an invitation to a code injection attack. You should use a command with parameters instead.


0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question