Concatenate string

  • Thread starter Thread starter Luigi Z
  • Start date Start date
L

Luigi Z

Hi all,
having a string like this:

(CustomerDescH LIKE '%test2%')

how can I create a new string like this one:

(CustomerDescH LIKE '%test2%' OR CustomerNumber LIKE '%test2%')

Thanks a lot.
 
:

string strCriteria = "(CustomerDescH LIKE '%test2%')";
strCriteria = strCriteria.TrimEnd(')');
strCriteria += " OR CustomerNumber LIKE '%test2%'";
strCriteria += ")";

N.B. this isn't particularly efficient so, for longer strings, you might
like to consider the StringBuilder class:
http://msdn.microsoft.com/en-us/library/2839d5h5(VS.80).aspx
Click to expand...

Hi Mark,
the problem is that "test2" is a variable, not a coded value.
So, before everythinf, I must extract this value and put in the OR condition.

Luigi
 
Hi Mark,
the problem is that "test2" is a variable, not a coded value.
So, before everythinf, I must extract this value and put in the OR condition.

Luigi
Click to expand...

Can you just use two separate strings? Ex:

string primary = String.Format("(CustomerDescH LIKE '{0}')", test2);
string secondary = String.Format("(CustomerDescH LIKE '{0}' OR
CustomerNumber LIKE '{0}')", test2);

Not exactly scalable, but it works.
 
Luigi Z laid this down on his screen :
Hi all,
having a string like this:

(CustomerDescH LIKE '%test2%')

how can I create a new string like this one:

(CustomerDescH LIKE '%test2%' OR CustomerNumber LIKE '%test2%')

Thanks a lot.
Click to expand...

Note: it looks like you are building a SQL string inside your code. Are
you aware of "sql injection"? If that variable is filled with input
from a malicious user, you could end up with a sql query that does
something that you didn't intend (like deleting data).
The solution is to use parameters in the query and let the database
connector handle the escaping of problematic characters.

Hans Kesting
 
Now the problem is to "extract" the value "test" from this string:

(CustomerDescH LIKE '%test%')

so "test" become my variable.

Luigi
 
Hi all,
having a string like this:

(CustomerDescH LIKE '%test2%')

how can I create a new string like this one:

(CustomerDescH LIKE '%test2%' OR CustomerNumber LIKE '%test2%')

Thanks a lot.


--
Luigi

PS
I'm using C# 2.0
Click to expand...

Seems like your description is being misunderstood a bit. I'm assuming you are writing
some kind of query filter that modifies existing queries (as String) to add a second
condition.

I'm not sure how much of the original query syntax is fixed, but using this somewhat
unwieldy but very powerful method, you can easily decide on that whenever you like.
If you're not familiar with regular expressions, this is an excellent way to start!

First, add "using System.Text.RegularExpressions;", and then do something like this
(sin, the input string, gets modified but only if the regex matches):

// Match any string that has a single-quoted string in it, and produce three parts,
// "pre", "str" and "post"
Regex strmatchex = new Regex("^(?<pre>[^']*')(?<str>[^']*)(?<post>'.*)$");
// ...or a much stricter version
// Regex strmatchex = new Regex("^(?<pre>\\(CustomerDescH LIKE ')(?<str>[^']*)(?<post>'\\))$");
// Apply the regular expression to the input string
Match m = strmatchex.Match(sin);
// If the string matches, add some more text, including an extra copy of the "str" part
if (m.Success) {
sin = m.Groups["pre"].Value + m.Groups["str"].Value +
"' OR CustomerNumber LIKE '" +
m.Groups["str"].Value + m.Groups["post"].Value;
}

/Hans
 
Hans Kesting said:
Note: it looks like you are building a SQL string inside your code. Are
you aware of "sql injection"? If that variable is filled with input
from a malicious user, you could end up with a sql query that does
something that you didn't intend (like deleting data).
The solution is to use parameters in the query and let the database
connector handle the escaping of problematic characters.
Click to expand...

You're right Hans, maybe it's better to refactor the entire application.

Luigi
 
Hans Liss said:
Seems like your description is being misunderstood a bit. I'm assuming you are writing
some kind of query filter that modifies existing queries (as String) to add a second
condition.

I'm not sure how much of the original query syntax is fixed, but using this somewhat
unwieldy but very powerful method, you can easily decide on that whenever you like.
If you're not familiar with regular expressions, this is an excellent way to start!

First, add "using System.Text.RegularExpressions;", and then do something like this
(sin, the input string, gets modified but only if the regex matches):

// Match any string that has a single-quoted string in it, and produce three parts,
// "pre", "str" and "post"
Regex strmatchex = new Regex("^(?<pre>[^']*')(?<str>[^']*)(?<post>'.*)$");
// ...or a much stricter version
// Regex strmatchex = new Regex("^(?<pre>\\(CustomerDescH LIKE ')(?<str>[^']*)(?<post>'\\))$");
// Apply the regular expression to the input string
Match m = strmatchex.Match(sin);
// If the string matches, add some more text, including an extra copy of the "str" part
if (m.Success) {
sin = m.Groups["pre"].Value + m.Groups["str"].Value +
"' OR CustomerNumber LIKE '" +
m.Groups["str"].Value + m.Groups["post"].Value;
}
Click to expand...

Very interesting, if I have to study it a bit.
Thanks Hans.

L
 
somothing like this may work

string s = "(CustomerDescH LIKE '%test2%')";

s.Insert (s.Length -1, OR CustomerNumber LIKE '%test2%');

bye
 
Back
Top