How to execute sql query to match column value which contains single quote(')
My C# code to find a data row with column name CustomerAccountNumber which contains a value KKL'M"/ (single quote ' in value) return nothing
here is my C# code:
matchingid = "KKL'M\"/";
bool foundCustomer = false;
SqlConnection cnn;
connetionString = "Server=" + config.serverName + ";Database=" + config.companyName + ";Trusted_Connection=true";
cnn = new SqlConnection(connetionString);
cnn.Open();
var queryString = "SELECT CustomerAccountNumber, CustomerAccountName FROM [" + config.companyName + "].[dbo].[SLCustomerAccount] WHERE CustomerAccountNumber = @matchingAccountName";
SqlCommand command = new SqlCommand(queryString, cnn);
command.Parameters.Add(new SqlParameter("@matchingAccountName", System.Data.SqlDbType.NChar) { Value = matchingid });
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
foundCustomer = true;
}
}
cnn.Close();
screenshot of the database where value contains
Use parameters instead of constructing your query like that, and also put all objects that are disposable in a using.
This example can get you on the correct way
using (SqlConnection cnn = new SqlConnection(connetionString))
{
cnn.Open();
var queryString = "SELECT CustomerAccountNumber, CustomerAccountName FROM dbo.SLCustomerAccount WHERE CustomerAccountNumber = @matchingid";
using (SqlCommand command = new SqlCommand(queryString, cnn))
{
command.Parameters.Add("@matchingID", SqlDbType.VarChar, 50).Value = matchingID; // specify correct length
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
foundCustomer = true;
}
}
}
}
EDIT
As mentioned in the comments, you cant parameterize the company name, but it is not needed in your query so just leave it out.
The use of 3 part names will get deprecated, read all about that here
I would also like to mention that by using parameters, you don't have to worry about sql injection anymore. Not sure if your case has a problem with that, but it's best to always use parameters because you never have problems with formats, quotes ', and whatever you can find in your values, and you be safe against sql injection
EDIT 2
As also mentioned by @NicholasHunter, be careful with
matchingid = "kkl'm\"/n";
If a string can contain special characters, you can either escape them all, or simply use this
matchingid = @"kkl'm\"/n";
- Which is the best way to suppress "unused variable" warning
- How memory address for pointer to arrays is same as an element in 2D array?
- How to use ellipsis in c's case statement?
- Fast & accurate atan/arctan approximation algorithm
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- Fast ceiling of an integer division in C / C++
- Is there an invalid pthread_t id?
- How does SIMD (avx) processing work? for example, if I want 10 32 bit floats how do i fit in a 256 bit avx vector?
- FDCAN problems on STM32G4
- How does the call macro enable mutual recursion between functions f and g in this Hanoi Tower implementation?
- Running test on Rocket core CPU - global variable initialized to 0 is unsuccessful, output wrong value instead
- Interacting with C arrays without knowing the size
- Combination of two strings
- Avoiding strcpy overflow destination warning
- carriage return by fgets
- How to use special characters in C?
- Why does 1.0/100.0 == 0.1/10.0 give True?
- Is it correct to compare pointers in C?
- Force free() to return malloc memory back to OS
- How can I print to standard error in C with 'printf'?
- What is the standard behavior of fread in C on Windows?
- How is strtok removing lines it shouldn't have access to?
- Using array as smart point in C
- Assigning string to malloced 2d char array not working as intended
- How to refactor repetition inside a Makefile?
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct
- Character array typecasting to integer
- Handling HTTP Headers in a Minimal C HTTP Server
- How to get the sign, mantissa and exponent of a floating point number