Solved

C# single quoting a dynamical sql statement.

Posted on 2016-10-19
4
44 Views
Last Modified: 2016-10-23
I am maintaining some C# code. The code builds a dynamic query. I noticed that an effort is put twords putting single quotes around
the value passed for the parameter. See below as an example where chosen.Option is single quoted. Can someone tell me what the
rule is that applies to single quoting dynamic queries? When is it necesary to surround the variable with single quotes?

queryString = "BEGIN EXEC sprGetVarData @NAME= '"  + chosen.Option +  "'";
0
Comment
Question by:brgdotnet
4 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 251 total points
ID: 41851390
Values in SQL queries always have to be quoted in my experience.  MySQL will allow you to use single or double quotes.  But the double quotes for your string require either single quotes or escaping double quote.  Single quotes are usually used because they are slightly easier than escaping a lot of double quotes.
0
 
LVL 49

Assisted Solution

by:Ryan Chong
Ryan Chong earned 83 total points
ID: 41851398
you should use a Command object to call your stored procedure in which for your Command object, you adding a Parameter with its value. Since you adding it as a value, it will handle the single quote issue for you.

you can share your existing codes here if necessary.
0
 
LVL 44

Assisted Solution

by:AndyAinscow
AndyAinscow earned 83 total points
ID: 41851570
You will usually use quotes (single or double) for string values, especially if there is a space in the value.

x = hello world
means x is assigned the value hello and then the compiler will inform you it doesn't know what world means.
0
 
LVL 24

Assisted Solution

by:Pawan Kumar
Pawan Kumar earned 83 total points
ID: 41852832
You add single quotes if you are passing a string value to a stored procedure so the parameters would be of type Varchar or NVarchar.

SQL Server interprets single quote as a string value.

Specific to your case you are passing Name from the option list, so that will be a string value as Name cannot of type int/float/bit/etc.


Hope it helps.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction                                                 Was the var keyword really only brought out to shorten your syntax? Or have the VB language guys got their way in C#? What type of variable is it? All will be revealed.   Also called…
Introduction Although it is an old technology, serial ports are still being used by many hardware manufacturers. If you develop applications in C#, Microsoft .NET framework has SerialPort class to communicate with the serial ports.  I needed to…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now