Cannot seem to save a string with double quotes

[Steven Blair]

Hi,

I need to update a DB Table (MySQL 4.0) with a string representing a
directory path (C:\Temp\In) but cannot get C# to do this.

I take the string value from a textbox (myStr = myText.Text) and pass
this to a function.

The function builds up a SQL string which will be executed:

SQLString = String.Format( "UPDATE BSConfig " +
"SET BSConfig_Inbound = \"{0}\",myStr);

This puts the quotes round the text, but remvoes the slashes. I tried
using the @ character (not sure what you call this lol) and the \" but
was given an error.

SQLString = String.Format( @"UPDATE BSConfig " +
"SET BSConfig_Inbound = \"{0}\",myStr); //Not allowed

Anyone help me out ?

Regards,

Steven

 

[Ignacio Machin \( .NET/ C# MVP \)]

Hi Steven,

If I understand correctly you want both the \ and the " to appear in the
string right?

What is happening is that \ is the "escape character" meaning that the next
character should not be interpreted as a especial char.
So what \" gets converted in " and the \ is eliminated, cause it's used
only as a "escape"
Now if you want the \ to appear you just simply "escape" it too
\\ will do the trick

Cheers,

 

[Michael A. Covington]

If you want slashes and quotes, write \\\" for each.

Thus

"\\\"this\\\""

is a string containing the characters:

\"this\"

 

[Jon Skeet [C# MVP]]

I need to update a DB Table (MySQL 4.0) with a string representing a
directory path (C:\Temp\In) but cannot get C# to do this.

I take the string value from a textbox (myStr = myText.Text) and pass
this to a function.

The function builds up a SQL string which will be executed:

SQLString = String.Format( "UPDATE BSConfig " +
"SET BSConfig_Inbound = \"{0}\",myStr);

That's a bad idea to start with.

Use parameters instead - it'll make it *much* easier to deal with, as
you only need to worry about getting the correct data, with no
escaping, into a string, and then setting that as the parameter value.

 

[Steven Blair]

Hi,

Thanx for the replies.

I understand using \\ will give me a \ but the problem is, I have a
variable containing C:\Temp\In. I need to format this to have quotes and
keep the \ character.

Here is a small example of what I am doing

private bool MyFunc ( string InDir )
{
SQLString = String.Format("\"{0}\"",InDir);
//Run SQL statment
}

This code puts " around my string, but removes the \. If I done this:

SQLString = String.Format(@"{0}",InDir);

It keeps my \ but no quotes.

Jon, you mentioned that my way was a bad idea (I think), could you
explain again what you meant by parameters. I didnt understand from you
post.

Regards,

Steven

 

[Jon Skeet [C# MVP]]

Thanx for the replies.

I understand using \\ will give me a \ but the problem is, I have a
variable containing C:\Temp\In. I need to format this to have quotes and
keep the \ character.

Here is a small example of what I am doing

private bool MyFunc ( string InDir )
{
SQLString = String.Format("\"{0}\"",InDir);
//Run SQL statment
}

This code puts " around my string, but removes the \. If I done this:

That won't actually remove the quotes. If you think it does, please
produce a short but complete program which demonstrates it.

SQLString = String.Format(@"{0}",InDir);

Using an @ there won't do anything at all - the @ just means that the
string "{0}" is treated verbatim, which makes no odds as there are no
escape or CR/LF characters in there.

It keeps my \ but no quotes.

Jon, you mentioned that my way was a bad idea (I think), could you
explain again what you meant by parameters. I didnt understand from you
post.

Instead of putting the value in the SQL that you're going to execute,
use a parameter - so you put something like @name in the SQL, and then
add parameters to the command and set the parameter values
appropriately. See the docs SqlCommand.Parameters for an example -
although obviously you'll need to use the command type appropriate to
your DB provider.

 

[Steven Blair]

I think I see what you mean.

Do you mean use parameters as in parameters for a Stored Procedure ? I
cant run stored procedures since I am running MySQL 4.0.

Unless there is some other way of running this without SP's.

Altho, I cant believe that C# doesnt allow a string to have quotes and \
chars in it. Surely there must be some way of achieving this (maybe not
the best approach)

Regards,

Steven

 

[Steven Blair]

Done a little more investigation and it may not be C# thats the
problem....

I printed out some trace just before my SQL statment is executed:

UPDATE BSConfig SET BSConfig_Inbound = "C:\Inbound"

The string is enclosed with " and has a \ character.
I think MySQL has the problem with the single \.

Not sure how I can fix this, might have to try and double the \before
executing the statement.

Regards,

Steven

 

[Jon Skeet [C# MVP]]

I think I see what you mean.

Do you mean use parameters as in parameters for a Stored Procedure ? I
cant run stored procedures since I am running MySQL 4.0.

No, it's not stored procedures. You just embed parameter names in the
SQL itself, and add parameters to the command. The driver then takes
care of formatting for you.

Unless there is some other way of running this without SP's.

Altho, I cant believe that C# doesnt allow a string to have quotes and \
chars in it. Surely there must be some way of achieving this (maybe not
the best approach)

A string certainly can have quotes and backslashes in. How MySQL will
interpret it, however, is another matter.

 

[Jon Skeet [C# MVP]]

Done a little more investigation and it may not be C# thats the
problem....

I'm sure it's not.

I printed out some trace just before my SQL statment is executed:

UPDATE BSConfig SET BSConfig_Inbound = "C:\Inbound"

The string is enclosed with " and has a \ character.
I think MySQL has the problem with the single \.

Not sure how I can fix this, might have to try and double the \before
executing the statement.

No, you use parameters, as I've been saying before.

See http://www.aspnet101.com/aspnet101/tutorials.aspx?id=1 for a
tutorial on parameterized queries. It's in VB.NET, but the principles
are the same.