Solved

C# single quoting a dynamical sql statement.

Posted on 2016-10-19
4
50 Views
Last Modified: 2016-10-23
I am maintaining some C# code. The code builds a dynamic query. I noticed that an effort is put twords putting single quotes around
the value passed for the parameter. See below as an example where chosen.Option is single quoted. Can someone tell me what the
rule is that applies to single quoting dynamic queries? When is it necesary to surround the variable with single quotes?

queryString = "BEGIN EXEC sprGetVarData @NAME= '"  + chosen.Option +  "'";
0
Comment
Question by:brgdotnet
4 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 251 total points
ID: 41851390
Values in SQL queries always have to be quoted in my experience.  MySQL will allow you to use single or double quotes.  But the double quotes for your string require either single quotes or escaping double quote.  Single quotes are usually used because they are slightly easier than escaping a lot of double quotes.
0
 
LVL 50

Assisted Solution

by:Ryan Chong
Ryan Chong earned 83 total points
ID: 41851398
you should use a Command object to call your stored procedure in which for your Command object, you adding a Parameter with its value. Since you adding it as a value, it will handle the single quote issue for you.

you can share your existing codes here if necessary.
0
 
LVL 44

Assisted Solution

by:AndyAinscow
AndyAinscow earned 83 total points
ID: 41851570
You will usually use quotes (single or double) for string values, especially if there is a space in the value.

x = hello world
means x is assigned the value hello and then the compiler will inform you it doesn't know what world means.
0
 
LVL 28

Assisted Solution

by:Pawan Kumar
Pawan Kumar earned 83 total points
ID: 41852832
You add single quotes if you are passing a string value to a stored procedure so the parameters would be of type Varchar or NVarchar.

SQL Server interprets single quote as a string value.

Specific to your case you are passing Name from the option list, so that will be a string value as Name cannot of type int/float/bit/etc.


Hope it helps.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Extention Methods in C# 3.0 by Ivo Stoykov C# 3.0 offers extension methods. They allow extending existing classes without changing the class's source code or relying on inheritance. These are static methods invoked as instance method. This…
We all know that functional code is the leg that any good program stands on when it comes right down to it, however, if your program lacks a good user interface your product may not have the appeal needed to keep your customers happy. This issue can…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question