locked
Escape double quote RRS feed

  • Question

  • dumb question but how do I add in double quotes around the @CarName param.  SQL needs to surround any search terms incoming to my method in double quotes for this not to bomb out:

    conn.CommandText = @"select    c.CarID
                                    from cars c
                                    inner join CONTAINSTABLE(CarResults, keywords, @CarName) as cn s on c.id = cn.[KEY] )";

    conn.AddParam("@CarName", name);

    The actual query will then have '"CarName"' after this is set properly

    C# Web Developer
    • Edited by NoEgo Thursday, November 6, 2008 6:42 PM
    Thursday, November 6, 2008 6:37 PM

Answers

  • You shouldn't have to double the quotes for the parameter name @CarName in the query.  That would be a mistake.  What you ought to do is add the quotes to the value that gets set as the parameter.  For example:

    conn.AddParam("@CarName", @"""" + name + @"""");

    This is assuming you want to search the database column for the value "CarName" with the double-quotes within the value in the database.
    David Morton - http://blog.davemorton.net/
    • Edited by David M Morton Thursday, November 6, 2008 6:52 PM
    • Proposed as answer by David M Morton Thursday, November 6, 2008 7:04 PM
    • Marked as answer by NoEgo Thursday, November 6, 2008 7:29 PM
    • Marked as answer by NoEgo Thursday, November 6, 2008 7:29 PM
    • Marked as answer by NoEgo Thursday, November 6, 2008 7:29 PM
    Thursday, November 6, 2008 6:50 PM

All replies

  • Double the double quotes!

    There are two ways:

    If you're looking for the following string:

    John said, "Hi!".

    Then you have two options:

    1. string value = @"John said, ""Hi!"".";
    2. string value = "John said, \"Hi!\".";

    Hope this helps.

    David Morton - http://blog.davemorton.net/
    Thursday, November 6, 2008 6:42 PM
  • .. keywords, \"@CarName\"  ....
    Thursday, November 6, 2008 6:44 PM
  • I already tried doubling the double quotes but that doesn't work.  That just treats the value @CarName literally.
    C# Web Developer
    Thursday, November 6, 2008 6:48 PM
  • \"@CarName\" and that causes the rest of the string after that point to become nonstring values.  So it esentially ends my string right then and there which is not the effect I wanted.
    C# Web Developer
    Thursday, November 6, 2008 6:50 PM
  • You shouldn't have to double the quotes for the parameter name @CarName in the query.  That would be a mistake.  What you ought to do is add the quotes to the value that gets set as the parameter.  For example:

    conn.AddParam("@CarName", @"""" + name + @"""");

    This is assuming you want to search the database column for the value "CarName" with the double-quotes within the value in the database.
    David Morton - http://blog.davemorton.net/
    • Edited by David M Morton Thursday, November 6, 2008 6:52 PM
    • Proposed as answer by David M Morton Thursday, November 6, 2008 7:04 PM
    • Marked as answer by NoEgo Thursday, November 6, 2008 7:29 PM
    • Marked as answer by NoEgo Thursday, November 6, 2008 7:29 PM
    • Marked as answer by NoEgo Thursday, November 6, 2008 7:29 PM
    Thursday, November 6, 2008 6:50 PM
  • in other words either of these:

    conn.CommandText = @"select    c.CarID
                                    from cars c
                                    inner join CONTAINSTABLE(CarResults, keywords, ""@CarName"") as cn s on c.id = cn.[KEY] )";

    or

    conn.CommandText = @"select    c.CarID
                                    from cars c
                                    inner join CONTAINSTABLE(CarResults, keywords, ""@CarName"") as cn s on c.id = cn.[KEY] )";

    end up cutting off as cn s on c.id = cn.[KEY] )"; part
    C# Web Developer
    Thursday, November 6, 2008 6:52 PM