DataTable DataRow Select String with Quotation Marks


My string includes a quotation mark; the select statement crashes.

vm_TEXT_string = "Hello 'French' People";
vm_DataTable_SELECT_string = "[MyField] = '" + vm_TEXT_string + "'";
DataRow[] o_DataRow_ARRAY_Found = vco_DataTable.Select (vm_DataTable_SELECT_string);

I cannot use this statement: string filter = "[MyColumn]" + " LIKE '%" + SearchWord + "%'";

I found string format:

DataRow[] oDataRow = oDataSet.Tables["HasDiseas"].Select ( string.Format ( "DName='{0}'", DiseasListBox.SelectedItem.ToString () ) );

Any suggestions for selecting a string with a quotation mark?

Thank you, Rune

2

There are 2 best solutions below

2
Joel Coehoorn On

For a datatable, you can replace the single quotation mark with two quotation marks:

string.Format("DName='{0}'", DiseasListBox.SelectedItem.ToString().Replace("'", "''"))

But keep in mind that you should not do this with actual SQL queries. It's possible for crackers to abuse that technique to send undesirable queries to your database.

Another option is to do something like this:

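// Needs System.Linq and System.Data.DataSetExtensions; Field<string> gives a string (value) comparison.
IEnumerable<DataRow> rows = oDataSet.Tables["HasDiseas"].AsEnumerable().Where(r => r.Field<string>("DName") == DiseasListBox.SelectedItem.ToString());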
1
Mike Cialowicz On

This depends on your database engine, but generally, you can escape the single quote (') with two single quotes ('').

Although, the best way to do it is to use a parametrized query, which will do the special character escaping for you.
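
The quote doubling described in the answers above, as an added example that is not part of the original thread. It goes one step further and also covers the LIKE filter from the question, where `*`, `%`, `[` and `]` must be wrapped in brackets to match literally in a DataTable expression. `FilterEscape`, `Literal` and `LikeLiteral` are hypothetical names, and the rows are constructed sample data.

```csharp
using System;
using System.Data;
using System.Text;

static class FilterEscape   // hypothetical helper, not a framework type
{
    // Equality comparison: only the single quote needs doubling.
    public static string Literal(string value) => value.Replace("'", "''");

    // LIKE pattern: double quotes and bracket the wildcard characters.
    public static string LikeLiteral(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            if (c == '*' || c == '%' || c == '[' || c == ']')
                sb.Append('[').Append(c).Append(']');
            else if (c == '\'')
                sb.Append("''");
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
}

static class Program
{
    static void Main()
    {
        var table = new DataTable("Demo");            // constructed sample data
        table.Columns.Add("MyField", typeof(string));
        table.Rows.Add("Hello 'French' People");
        table.Rows.Add("Hello People");
        table.Rows.Add("100% 'sure'");

        string text = "Hello 'French' People";
        try { table.Select("[MyField] = '" + text + "'"); }   // the filter from the question
        catch (SyntaxErrorException ex) { Console.WriteLine("Unescaped: " + ex.Message); }

        DataRow[] exact = table.Select("[MyField] = '" + FilterEscape.Literal(text) + "'");
        Console.WriteLine("Exact matches: " + exact.Length);

        // The user's % and quotes are matched literally; only the outer % are wildcards.
        string word = "% 'sure'";
        DataRow[] like = table.Select("[MyField] LIKE '%" + FilterEscape.LikeLiteral(word) + "%'");
        Console.WriteLine("LIKE matches: " + like.Length);
    }
}
```

These helpers apply only to in-memory `DataTable.Select` and `DataView.RowFilter` expressions; queries sent to a database engine should use parameters instead, as both answers note.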