I am using C# in Visual Studio and I am trying to insert some data into a SQL database. Some unicode characters are turned into question marks when I try to insert them into the db. They appear just fine in the code or in a MessageBox.
For example: ș Ș ț Ț Ă ă Î î
are turned to ? ? ? ? A a Î î
//romanian characters
Here is the table:
CREATE TABLE [dbo].[Bookshelf]
(
[Id] INT NOT NULL PRIMARY KEY IDENTITY(1, 1),
[Text] NVARCHAR(50) NOT NULL
)
And here is the code:
private void Form1_Load(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Comsa\source\repos\Program\Program\Database1.mdf;Integrated Security=True");
con.Open();
string value = "ș Ș ț Ț Ă ă Î î";
SqlCommand cmd = new SqlCommand("INSERT INTO Bookshelf(Text) VALUES('" + value + "')",con);
cmd.ExecuteNonQuery();
con.Close();
}
And this is the output:
My question is what UTF does a SQL database use and if there is a way to insert those characters without altering them.
To send Unicode strings prefix the string with N
:
N'This is Unicode'
without the prefix it will be treated by whatever 8bit encoding applies.
Also, using string concatenation to build SQL is a recipe for SQL Injection.