Pull Quotes from my string

Hot Topic

How do write a pragram to search keywords in a documents
Derive a class from FileDialog
Copying a [complex] collection
Exporting database on to the client machine
Java to C#
Windows kernel mode ARP
Help fixing my catch mehod
abstract class vs interface in term of speed
How to show MDI Child windows form on a tab control
Object Oriented Programming

Visual C#

Trouble adding WMI code to C# application
Converting a string to int
What is "\n"? Any difference from "\r"?
private new void Dispose()
Default Encoding
convert double to 2 decimal places
constructor exceptions for objects in using list lead to problems
Restrict the size of a string
Analog Clock algorithm?
[off topic] Logging from MultipleAppdomains within application

Pull Quotes from my string

I am trying to convert this function that pulls the single quotes out my string before sending it to the database, i got it working in VB.Net with this code here

Public Function PrepareStr(ByVal strValue As String) As String

strValue = strValue.Replace("'", "''")

If strValue.Trim() = "" Then

Return "NULL"

Else

Return "'" & strValue.Trim() & "'"

End If

End Function

But I want to convert it to C# code and i got this far can anyone help me out on what i need to do, for the & operator this where i started but i getting an error though any help ! !

public string prepareStr(string str)

{

str = str.Replace("'", " ' '");

if(str.Trim() == "")

{

return null;

}

else

{

return "'" + str.Trim() + "'";

}

}


Answer this question

Pull Quotes from my string

  • BLACKDOG2

    So How would i enter single quotes in a SQL table, When i use " it interprets it at a double quote but i only need single....

  • PiGuy

    I pulled the code directly from your post and put it in a test app. The code compiled cleanly and call:

    prepareStr( "I've been workin' on the railroad" )

    Returned:

    'I ' 've been workin ' ' on the railroad'

    Which looks like where you are trying to get. So, errors are probably coming from somewhere else in the process.

    Now a quick comment. You mentioned that this routine is designed for use in sending data to the database. You do not need this logic. If you use Parameters with your queries, the ADO.net plumbing will properly handle all your quotes. Furthermore, if this is an effort to thwart SQL injection attacks, you will again benefit from using Parameters. It is possible for a hacker to construct a string that will still perform the injection knowing that quotes are being doubled up in this manner.

  • nabeelfarid

    Yes, dealing with embedded quotes can be a problem in the database, during data Import/Export, and on the Web. That is why the tools provide mechanisms for dealing with the problem. Parameters for SQL queries solve a number of problems that exist when simply trying to concatenate values. The problem is that that used to be the standard method, so many examples still use that approach.

    Keep plugging away.

  • glenna

    Oh ok thats some great advice!!! thanks....Let me share the exact problem i inherited this system and it has these comboBoxes that have some data in with these ' in it like

    Danny's gym or Micheal's Restaurant and when i try to search demographics for these business i get an unhandeld exception saying that "Incorrect syntax near 's' Unclosed quotation mark before the charectar string" so i thought if i wrote that function it would solve my problem.......have you ever expierenced such



  • Pull Quotes from my string
Answer this question