?
Solved

C# single quoting a dynamical sql statement.

Posted on 2016-10-19
4
Medium Priority
?
68 Views
Last Modified: 2016-10-23
I am maintaining some C# code. The code builds a dynamic query. I noticed that an effort is put twords putting single quotes around
the value passed for the parameter. See below as an example where chosen.Option is single quoted. Can someone tell me what the
rule is that applies to single quoting dynamic queries? When is it necesary to surround the variable with single quotes?

queryString = "BEGIN EXEC sprGetVarData @NAME= '"  + chosen.Option +  "'";
0
Comment
Question by:brgdotnet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1004 total points
ID: 41851390
Values in SQL queries always have to be quoted in my experience.  MySQL will allow you to use single or double quotes.  But the double quotes for your string require either single quotes or escaping double quote.  Single quotes are usually used because they are slightly easier than escaping a lot of double quotes.
0
 
LVL 53

Assisted Solution

by:Ryan Chong
Ryan Chong earned 332 total points
ID: 41851398
you should use a Command object to call your stored procedure in which for your Command object, you adding a Parameter with its value. Since you adding it as a value, it will handle the single quote issue for you.

you can share your existing codes here if necessary.
0
 
LVL 44

Assisted Solution

by:AndyAinscow
AndyAinscow earned 332 total points
ID: 41851570
You will usually use quotes (single or double) for string values, especially if there is a space in the value.

x = hello world
means x is assigned the value hello and then the compiler will inform you it doesn't know what world means.
0
 
LVL 29

Assisted Solution

by:Pawan Kumar
Pawan Kumar earned 332 total points
ID: 41852832
You add single quotes if you are passing a string value to a stored procedure so the parameters would be of type Varchar or NVarchar.

SQL Server interprets single quote as a string value.

Specific to your case you are passing Name from the option list, so that will be a string value as Name cannot of type int/float/bit/etc.


Hope it helps.
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We all know that functional code is the leg that any good program stands on when it comes right down to it, however, if your program lacks a good user interface your product may not have the appeal needed to keep your customers happy. This issue can…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question