I have this:
string a = "a+a";
SqlCommand q = new SqlCommand("SELECT * FROM table WHERE a = @a", conn);
q.Parameters.AddWithValue("@a", a);
But the parameterization totally erases the + from a, leaving me with a a instead of the desired a+a. I need that + in place; I just want it escaped, not removed.
Is there a way I can tell C# to escape the + instead of erasing it? I am using .NET Framework 2.0 and don't have the option to upgrade.
Thanks everyone. I'm not sure exactly what happened here but I ended up just replacing all + signs with zeros before storing.
I think I remember transferring this variable over the querystring, but I don't remember exactly. If I did, then probably the plus was eaten by the qs parser, not the parameterization code. You may want to check that.
I did not try specifying a datatype because I was in a hurry and replacing the + for something that doesn't get eaten like 0 was the fastest solution.
Thanks again to all contributors.