brgdotnet
asked on
how to double quote a string for an inline sql statement.
I have an inline sql statement that looks like the following.
const string mySql = "SELECT EMP_ID,EMP_ENROLL from Employees";
Now I rewrote the query so that it will have alias names for the two columns.
This query runs in sql server but I need to rewrite it in an inline format
so that it is stored in const string mySql in C#. So how can I double quote " Employee Id " and "Employee Enrolled" ??
const string mySql = "SELECT EMP_ID" + " Employee Id " + EMP_ENROLL " + "Employee Enrolled" + "from Employees"
Note that I do not want to use angle brackets [] to create aliases because those do not port to Oracle. So anyway,
I just need to figure out how to double quote, " Employee Id " and "Employee Enrolled" can someone show me how to do that?
const string mySql = "SELECT EMP_ID,EMP_ENROLL from Employees";
Now I rewrote the query so that it will have alias names for the two columns.
This query runs in sql server but I need to rewrite it in an inline format
so that it is stored in const string mySql in C#. So how can I double quote " Employee Id " and "Employee Enrolled" ??
const string mySql = "SELECT EMP_ID" + " Employee Id " + EMP_ENROLL " + "Employee Enrolled" + "from Employees"
Note that I do not want to use angle brackets [] to create aliases because those do not port to Oracle. So anyway,
I just need to figure out how to double quote, " Employee Id " and "Employee Enrolled" can someone show me how to do that?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>> instead of SQL-Injection-susceptible string concatenation
I don't think it is. The concatenation was just an attempt to add an Oracle column alias with a space in it. This requires a double quote around the alias. It isn't a parameter to the query.
I don't think it is. The concatenation was just an attempt to add an Oracle column alias with a space in it. This requires a double quote around the alias. It isn't a parameter to the query.
I think there's a couple of quotes out of place in the original. I first thought that there were no parameters, then on 2nd look it appeared as though EMP_ENROLL was a C# constant. If there are no variables, then I withdraw my concern = )
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
const string mySql = "SELECT EMP_ID ""Employee Id"", EMP_ENROLL ""Employee Enrolled"" from Employees"
From your previous question: I still strongly encourage you to NOT do it this way.
If you can explain why you are wanting to do this, we can probably provide alternatives.