DataTable DataRow 选择带引号的字符串
我的字符串包含引号; select 语句崩溃。
vm_TEXT_string = "Hello 'French' People";
vm_DataTable_SELECT_string = "[MyField] = '" + vm_TEXT_string + "'";
DataRow[] o_DataRow_ARRAY_Found = vco_DataTable.Select (vm_DataTable_SELECT_string);
我无法使用此语句: string filter = "[MyColumn]" + " LIKE '%" + SearchWord + "%'";
我发现字符串格式:
DataRow[] oDataRow = oDataSet.Tables["HasDiseas"].Select ( string.Format ( "DName='{0}'", DiseasListBox.SelectedItem.ToString () ) );
有什么建议选择带引号的字符串吗?
谢谢你, 符文
My string include quotation mark; the select statement crash.
vm_TEXT_string = "Hello 'French' People";
vm_DataTable_SELECT_string = "[MyField] = '" + vm_TEXT_string + "'";
DataRow[] o_DataRow_ARRAY_Found = vco_DataTable.Select (vm_DataTable_SELECT_string);
I cannot use this statement: string filter = "[MyColumn]" + " LIKE '%" + SearchWord + "%'";
I found string format:
DataRow[] oDataRow = oDataSet.Tables["HasDiseas"].Select ( string.Format ( "DName='{0}'", DiseasListBox.SelectedItem.ToString () ) );
Any suggestion to selecta string with quotation mark?
Thank you,
Rune
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
对于数据表,您可以用两个引号替换单引号:
但请记住,您不应该在实际的 sql 查询中执行此操作。黑客有可能滥用该技术向您的数据库发送不需要的查询。
另一种选择是执行以下操作:
For a datatable, you can replace the single quotation mark with two quotation marks:
But keep in mind that you should not do this with actual sql queries. It's possible for crackers to abuse that technique to send undesirable queries to your database.
Another option is to do something like this:
这取决于您的数据库引擎,但通常,您可以使用两个单引号 (
''
) 转义单引号 ('
)。尽管如此,最好的方法是使用 参数化query,它将为您执行特殊字符转义。
This depends on your database engine, but generally, you can escape the single quote (
'
) with two single quotes (''
).Although, the best way to do it is to use a parametrized query, which will do the special character escaping for you.