Search code examples
asp.netescapingweb-configconnection-string

Escape quote in web.config connection string

I have a connection string in my web config:

<add name="MyConString" connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass"word" providerName="System.Data.SqlClient" />

As you see, there is a quotation sign ( " ) in the password (given from other dept. I can't change this db users password).

How do I have to escape the quote in this connection string?

Btw: I already tried & quot; in the string. That didn't work - ado.net got an ArgumenException then: "Format of the initialization string does not conform to specification starting at index 57." 57 is where the & quot; is in my connection string. I also tried enclosing the password part in ' - didn't work either.

Also tried "" and \" - web.config can't be parsed then.

Thanks for the solution:

I had to combine the escaping of the double quote and putting the password in single quotes:

<add name="MyConString" connectionString="Server=dbsrv;User ID=myDbUser;Password='somepass&quot;word'" providerName="System.Data.SqlClient" />
Solution

  • Use &quot; instead of " to escape it.

    web.config is an XML file so you should use XML escaping.

    connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass&quot;word"

    See this forum thread.

    Update:

    &quot; should work, but as it doesn't, have you tried some of the other string escape sequences for .NET? \" and ""?

    Update 2:

    Try single quotes for the connectionString:

    connectionString='Server=dbsrv;User ID=myDbUser;Password=somepass"word'

    Or:

    connectionString='Server=dbsrv;User ID=myDbUser;Password=somepass&quot;word'

    Update 3:

    From MSDN (SqlConnection.ConnectionString Property):

    To include values that contain a semicolon, single-quote character, or double-quote character, the value must be enclosed in double quotation marks. If the value contains both a semicolon and a double-quote character, the value can be enclosed in single quotation marks.

    So:

    connectionString="Server=dbsrv;User ID=myDbUser;Password='somepass&quot;word'"

    The issue is not with web.config, but the format of the connection string. In a connection string, if you have a " in a value (of the key-value pair), you need to enclose the value in '. So, while Password=somepass"word does not work, Password='somepass"word' does.