We help IT Professionals succeed at work.

Dropdownlist and quote problem

JeffEae
JeffEae asked
on
Medium Priority
290 Views
Last Modified: 2013-12-17
Hi, I'm trying to write a select statement in C# based on the value from my dropdownlist.  

I set a breakpoint in my code and the output displays a double quote at the end:

            sqltext      "select nameoffile from FileViewer where category ='US Corrugated Capabilities'"      string

How would I get rid of that double quote and replace it with a single quote?

string sqltext = "select nameoffile from FileViewer where category =" + "'" + GroupDDL.SelectedItem.Text + "'";

Open in new window

Comment
Watch Question

sqltext = sqltext.Replace("""", "'");

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
I tried doing that and I'm still getting the double quote at the end


 string sqltext = "select nameoffile from FileViewer where category =" + "'" + GroupDDL.SelectedItem.Text.Replace("'","''");

Open in new window

Author

Commented:
Finally figured it out, I didn't need to replace the double quote, just had to add an escape character to add a single quote in
string sqltext = "select nameoffile from FileViewer where category =" + "'" + GroupDDL.SelectedItem.Text + "\'";

Open in new window

Marcus KeustermansSolutions Architect
CERTIFIED EXPERT

Commented:
I hope you realize that you are leaving yourself open to sql injection with the way that construct your sql.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.