I am trying to do something very simple that leads to this problem: create a string with quotation marks in it. I have had no problem with this before (even in C#), but it is behaving in a weird way in one particular part of the code (at least as far as I can tell).
    // requires: using System.Text.RegularExpressions;
    // Pull the time and the visit id out of the SQL statement text
    Match timeExtractor = (new Regex(@"'(?<time>\d{4}:\d{2}:\d{2} \d{1,2}:\d{2}:\d{2})'")).Match(SQLstatement);
    string time = timeExtractor.Groups["time"].ToString();
    Match visitIdExtractor = (new Regex(@"Movers \('(?<visit_id>[\d]+)'")).Match(SQLstatement);
    string visit_id = visitIdExtractor.Groups["visit_id"].ToString();
    string s = "Select * from measurement data where time = \"" + time + "\" and visit_ID = \"" + visit_id + "\";";
    queryCommand.CommandText = s;
My problem is this: the resulting string looks something like the following:

    "Select * from measurement data where time = \"2009:11:11 11:11:11\" and visit_ID ...."
The following test code, run in any other application, produces the desired result (without the backslashes appearing in the string):

    string time = @"2009:11:11 11:11:11";
    string visit_id = @"1279";
    string s = "Select * from measurement data where time = \"" + time + "\" and visit_ID = \"" + visit_id + "\";";
    Console.WriteLine(s);
The desired results are produced with or without the preceding @ sign. I have been fiddling with this for a while.

Adding an extra backslash escapes the backslash and not the quote (as I believe it should), so the quote is not escaped and it does not compile.

Removing the backslash means the quotes are not escaped, and once again it will not compile (as I expected).

But this is what really gets me: I tried to remove the backslashes with the following addition to the code:
    Match timeExtractor = (new Regex(@"'(?<time>\d{4}:\d{2}:\d{2} \d{1,2}:\d{2}:\d{2})'")).Match(SQLstatement);
    string time = timeExtractor.Groups["time"].ToString();
    Match visitIdExtractor = (new Regex(@"movers \('(?<visit_id>[\d]+)'")).Match(SQLstatement);
    string visit_id = visitIdExtractor.Groups["visit_id"].ToString();
    string s = "Select * from measurement data where time = \"" + time + "\" and visit_ID = \"" + visit_id + "\";";
    // Added line: try to strip the backslashes
    s = s.Replace("\\", "");
    queryCommand.CommandText = s;
And it does nothing to the string! It still has the backslashes. What am I doing wrong, or how can I get around this behavior?
Thanks again for the help.
You should go with this:

    queryCommand.CommandText = "Select * from measurement data " + "where time = @time and visit_ID = @VisitId;";
    queryCommand.Parameters.AddWithValue("@time", time);
    queryCommand.Parameters.AddWithValue("@VisitId", visit_id);

This way you do not need to deal with those quotes, and it protects against SQL injection attacks.
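The concatenated statement from the question next to the parameterized form recommended above, as an added example that is not part of the original answer. `SqlCommand` from `System.Data.SqlClient` stands in for `queryCommand` (the page does not name the provider), and the table name `measurement_data` and the sample values are assumptions.

```csharp
using System;
using System.Data.SqlClient; // assumption: stand-in provider, the page does not name one

class ParameterizedQueryDemo
{
    // The question's approach: the values are spliced into the statement text.
    // measurement_data is a placeholder table name.
    static string BuildConcatenated(string time, string visitId) =>
        "Select * from measurement_data where time = \"" + time +
        "\" and visit_ID = \"" + visitId + "\";";

    // The answer's approach: fixed statement text, values travel as parameters.
    static SqlCommand BuildParameterized(string time, string visitId)
    {
        var cmd = new SqlCommand(
            "Select * from measurement_data where time = @time and visit_ID = @VisitId;");
        cmd.Parameters.AddWithValue("@time", time);
        cmd.Parameters.AddWithValue("@VisitId", visitId);
        return cmd;
    }

    static void Main()
    {
        // Constructed sample values; the second visit id carries embedded quotes.
        string time = "2009:11:11 11:11:11";
        string[] visitIds = { "1279", "1279\" or \"1\"=\"1" };

        foreach (string visitId in visitIds)
        {
            string s = BuildConcatenated(time, visitId);
            // \" in a C# literal stores only the quote character, so the string
            // holds no backslash for Replace("\\", "") to remove.
            Console.WriteLine("contains backslash: " + s.Contains("\\"));
            Console.WriteLine("concatenated:  " + s);

            // No connection is opened; the command is only built and inspected.
            using (SqlCommand cmd = BuildParameterized(time, visitId))
            {
                Console.WriteLine("parameterized: " + cmd.CommandText);
                foreach (SqlParameter p in cmd.Parameters)
                    Console.WriteLine("  " + p.ParameterName + " = " + p.Value);
            }
        }
    }
}
```

With the second sample value the concatenated text gains an extra condition, while the parameterized statement text stays the same and the value remains data.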