none
DbConnectionStringBuilder: ConnectionString parsing problem when a value inside starts with the equal sign RRS feed

  • Question

  • Hello,

    Could you please comment the behaviour of the following C# code:

    DbConnectionStringBuilder builder = new DbConnectionStringBuilder {
        ConnectionString =
            "Database=my_db;Server=my_server;Port=5432;User Id=me;Password==abc;Encoding=ASCII;Protocol=3"
    };
    foreach( var key in builder.Keys )
        Console.WriteLine( key );

    Among the expected results we have "password=abc;encoding" as a single key name, instead of "password" only. If the password doesn't start with the equal sign the key name is "password".
    I have noticed the problem using a new, random generated password with PostgreSQL Npgsql driver.

    Friday, October 14, 2016 11:14 AM

Answers

  • This is expected behavior. The password value needs to be enclosed in quotes if it contains an equal sign or semicolon.  If the password also contains the quote enclosure, embedded enclosures need to be doubled up.

    I suggest you avoid passing an already-built connection string to the constructor if it is from an untrusted source or might contain characters that need to be escaped or enclosed.  Instead, use the builder Add method to add strongly-typed connection string key/value pairs.

                DbConnectionStringBuilder builder = new DbConnectionStringBuilder();
                builder.Add("Database", "my_db");
                builder.Add("Server", "my_server");
                builder.Add("Port", 5432);
                builder.Add("User Id", "test");
                builder.Add("Password", yourGeneratedPassword);
                builder.Add("Encoding", "ASCII");
                builder.Add("Protocol", 3);
                Console.WriteLine(builder.ConnectionString);

    Alternatively, you could also use a connection string template sans run-time values and just set the values that need to be changed:

                string yourUserId = "me";
                string yourGeneratedPassword = "=abc";
                string connectionStringTemplate =
                        "Database=my_db;Server=my_server;Port=5432;User Id=;Password=;Encoding=ASCII;Protocol=3";
                DbConnectionStringBuilder builder = new DbConnectionStringBuilder();
                builder.ConnectionString = connectionStringTemplate;
                builder["User Id"] = yourUserId;
                builder["Password"] = yourGeneratedPassword;


    Dan Guzman, Data Platform MVP, http://www.dbdelta.com

    Friday, October 14, 2016 11:57 AM

All replies

  • This is expected behavior. The password value needs to be enclosed in quotes if it contains an equal sign or semicolon.  If the password also contains the quote enclosure, embedded enclosures need to be doubled up.

    I suggest you avoid passing an already-built connection string to the constructor if it is from an untrusted source or might contain characters that need to be escaped or enclosed.  Instead, use the builder Add method to add strongly-typed connection string key/value pairs.

                DbConnectionStringBuilder builder = new DbConnectionStringBuilder();
                builder.Add("Database", "my_db");
                builder.Add("Server", "my_server");
                builder.Add("Port", 5432);
                builder.Add("User Id", "test");
                builder.Add("Password", yourGeneratedPassword);
                builder.Add("Encoding", "ASCII");
                builder.Add("Protocol", 3);
                Console.WriteLine(builder.ConnectionString);

    Alternatively, you could also use a connection string template sans run-time values and just set the values that need to be changed:

                string yourUserId = "me";
                string yourGeneratedPassword = "=abc";
                string connectionStringTemplate =
                        "Database=my_db;Server=my_server;Port=5432;User Id=;Password=;Encoding=ASCII;Protocol=3";
                DbConnectionStringBuilder builder = new DbConnectionStringBuilder();
                builder.ConnectionString = connectionStringTemplate;
                builder["User Id"] = yourUserId;
                builder["Password"] = yourGeneratedPassword;


    Dan Guzman, Data Platform MVP, http://www.dbdelta.com

    Friday, October 14, 2016 11:57 AM
  • Thank you for the explanation. I have checked that building ConnectionString the suggested way I can initialize NpgsqlConnection class constructor avoiding the equal sign problem.
    Friday, October 14, 2016 1:07 PM
  • Hi e_t_k,

    If you resolve the issue, Could you please mark it as answer if some replies are helpful. it will be beneficial to other community which have similar issue.

    Best regards,

    Cole Wu


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, October 17, 2016 9:06 AM
    Moderator