Solved

String and Quotes in them

Posted on 2006-11-19
3
207 Views
Last Modified: 2010-04-16
I have the following SELECT Statement.

dbcommand.CommandText = "SELECT * FROM tblUsers WHERE Username=" + uname;

However, in order for it to work properly I have to put quotes around the reseult of the pased uname variable.  How do I do this in C#.

So if uname was passed as Mike, the SELECT statment would need to be SELECT * FROM tblUsers WHERE Username="Mike"
I can not get the quotes around the name.

Thanks
0
Comment
Question by:sneeri_c
3 Comments
 
LVL 69

Accepted Solution

by:
Éric Moreau earned 125 total points
ID: 17975350
Hi sneeri_c,

dbcommand.CommandText = "SELECT * FROM tblUsers WHERE Username= '" + uname + "'";


Cheers!
0
 
LVL 29

Expert Comment

by:anarki_jimbel
ID: 17975790
Just to add to emoreau (that's completely right):

usually single quotes are used and the way is shown above. If you need double quotes on some a reason use escape chars:

"SELECT * FROM tblUsers WHERE Username=\"" + uname + "\"";
0
 
LVL 12

Expert Comment

by:andrewjb
ID: 17977970
Of course, this is an invitation to a code injection attack. You should use a command with parameters instead.


0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now