Link to home
Start Free TrialLog in
Avatar of brgdotnet
brgdotnetFlag for United States of America

asked on

how to double quote a string for an inline sql statement.

I have an inline sql statement that looks like the following.

const string mySql = "SELECT EMP_ID,EMP_ENROLL from Employees";

Now I rewrote the query so that it will have alias names for the two columns.
This query runs in sql server but I need to rewrite it in an inline format
so that it is stored in const string mySql in C#. So how can I double quote " Employee Id " and "Employee Enrolled"    ??

const string mySql = "SELECT EMP_ID" + " Employee Id " + EMP_ENROLL " + "Employee Enrolled"  + "from Employees"



Note that I do not want to use angle brackets [] to create aliases because those do not port to Oracle. So anyway,
I just need to figure out how to double quote, " Employee Id " and "Employee Enrolled"  can someone show me how to do that?
ASKER CERTIFIED SOLUTION
Avatar of Ryan Chong
Ryan Chong
Flag of Singapore image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of slightwv (䄆 Netminder)
slightwv (䄆 Netminder)

I'm not sure backslash works in C#.  Try double double quotes.

const string mySql = "SELECT EMP_ID ""Employee Id"", EMP_ENROLL ""Employee Enrolled"" from Employees"


From your previous question:  I still strongly encourage you to NOT do it this way.

If you can explain why you are wanting to do this, we can probably provide alternatives.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
>> instead of SQL-Injection-susceptible string concatenation

I don't think it is.  The concatenation was just an attempt to add an Oracle column alias with a space in it.  This requires a double quote around the alias.  It isn't a parameter to the query.
I think there's a couple of quotes out of place in the original. I first thought that there were no parameters, then on 2nd look it appeared as though EMP_ENROLL was a C# constant. If there are no variables, then I withdraw my concern  = )
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial