C# single quoting a dynamical sql statement.
Posted on 2016-10-19
I am maintaining some C# code. The code builds a dynamic query. I noticed that an effort is put twords putting single quotes around
the value passed for the parameter. See below as an example where chosen.Option is single quoted. Can someone tell me what the
rule is that applies to single quoting dynamic queries? When is it necesary to surround the variable with single quotes?
queryString = "BEGIN EXEC sprGetVarData @NAME= '" + chosen.Option + "'";