Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5449
  • Last Modified:

c# replace double quotes

I searched hundreds of entries and tried tons of examples - I cannot find how to replace double quotes so my sql insert will run.
This runs for single quotes:
memberID = memberID.Replace("'","''");
so I need the same thing for double quotes.

Also, does a replace work on all the characters in the string or just once?
0
dcass
Asked:
dcass
2 Solutions
 
Jaime OlivaresSoftware ArchitectCommented:
To replace double quotes:

memberID = memberID.Replace("\"","other");

Replace method will replace all ocurrences
0
 
dcassAuthor Commented:
Will this show the double quotes back in the text like the single quote solution will?
0
 
dcassAuthor Commented:
What other characters will interfere with an insert?
How about ampersand?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
PedroBuhigasCommented:
I think what you're after is:
memberID = memberID.Replace("\"\"","other");
0
 
Jaime OlivaresSoftware ArchitectCommented:
I think you just have to worry about the single quote, not double quote or other.
I use to replace the single quote with a tick (`):

memberID = memberID.Replace("'","`");
0
 
Jaime OlivaresSoftware ArchitectCommented:
but if you want to avoid to use all these, better you use parameters instead.
have a look to:
http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
read "Parameterised Queries" section.
0
 
carlsiyCommented:
why not use....
memberID=@memberID
0
 
Tony McCreathTechnical SEO ConsultantCommented:
I developed the following code to resolve encoding problems when directly using quoted text in mySql commands.
private static Regex _FromToRegex = new Regex(@"([\\\n\r\b\t'""\x1a\x00])",RegexOptions.Compiled);
 
private static string FromToMatchEvaluator(Match match)
{
	switch (match.Value)
	{
		case "\\":
			return "\\\\";
		case "\n":
			return "\\n";
		case "\r":
			return "\\r";
		case "\b":
			return "\\b";
		case "\t":
			return "\\t";
		case "\x1a":
			return "\\Z";
		case "\x00":
			return "\\0";
		case "'":
			return "\\'"; 
		case "\"":
			return "\\\"";
		default:
			return match.Value;
	}
}
 
public static string SqlEscapes(string s)
{
	return _FromToRegex.Replace(s,new MatchEvaluator(FromToMatchEvaluator));
}
 
public static string SqlString(String str)
{
	return "'"+SqlEscapes(str)+"'";
}

Open in new window

0
 
rochefcCommented:
To replace Single Quotes, Double Quotes or Carriage Returns for use with Crystal Reports in C# try
 
fieldValue = fieldValue.Replace("\r\n", "' & chr(010) & '").Replace("'", "''").Replace("\"", "''''");

This allows the Crystal Report to Print with the desired result
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now