simple but weird string concatenation

[Ryan Liu]

Hi,

I build a sql string, but sometime what I got missing the last part -- ")".

sql = "insert into project (sid, job_id, name, project_code,
note, qn_ver,greeting) values ( " //greeting
+ proj.ID + ","
+ job.JobTId + ",'"
+ proj.Name.Replace("'", "''") + "','"
+ proj.ProjectCode.Replace("'", "''") + "','"
+ proj.Note.Replace("'", "''") + "',"
+ proj.Version + ",'"
+ proj.Greeting.Replace("'", "''") + "'"
+ ")";


DbTool.ExecNoQuery(sql, conn, trans);

the last column Greeting is Rtf, so quite long: Greeting =

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset134
\'cb\'ce\'cc\'e5;}{\f1\fnil\fcharset134 \'cb\'ce\'cc\'e5;}}
{\colortbl ;\red0\green0\blue255;}
\viewkind4\uc1\pard\fi400\sl-320\slmult0\f0\fs20\par
\'ce\'d2\'c3\'c7\'b5\'c4\'b7\'c3\'ce\'ca\'b4\'f3\'b8\'c5\'bb\'e1\'bb\'a8\'b7\'d1\'c4\'fa\'ca\'ae\'bc\'b8\'b7\'d6\'d6\'d3\'b5\'c4\'ca\'b1\'bc\'e4\'a3\'ac\'cf\'a3\'cd\'fb\'b5\'c3\'b5\'bd\'c4\'fa\'b5\'c4\'ba\'cf\'d7\'f7!
\par
\'d0\'bb\'d0\'bb\'a1\'a3\par
\par
\cf1\f1\fs24\'c7\'eb\'ce\'ca\'ce\'d2\'c4\'dc\'ba\'cd\'c4\'fa\'bc\'d2\ul\b
18\'cb\'ea\'b5\'bd55\'cb\'ea\ulnone\b0\'a3\'ac\ul\b\'ba\'c8\'c6\'a1\'be\'c6\ulnone\b0\'b5\'c4\'bc\'d2\'cd\'a5\'b3\'c9\'d4\'b1\'cc\'b8\'d2\'bb\'cc\'b8\'c2\'f0\'a3\'bf\par
\pard\cf0\lang2052\fs18\par
\par
\lang1033\f0\fs20\par
}

This is what I got: sql =

insert into project (sid, job_id, proj_guid, name, project_code, note,
qn_ver,greeting) values (
3,4,'?¨¤?¦Ì-2','Proj-2','',2,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset134
\''cb\''ce\''cc\''e5;}{\f1\fnil\fcharset134 \''cb\''ce\''cc\''e5;}}
{\colortbl ;\red0\green0\blue255;}
\viewkind4\uc1\pard\fi400\sl-320\slmult0\f0\fs20\par
\''ce\''d2\''c3\''c7\''b5\''c4\''b7\''c3\''ce\''ca\''b4\''f3\''b8\''c5\''bb\''e1\''bb\''a8\''b7\''d1\''c4\''fa\''ca\''ae\''bc\''b8\''b7\''d6\''d6\''d3\''b5\''c4\''ca\''b1\''bc\''e4\''a3\''ac\''cf\''a3\''cd\''fb\''b5\''c3\''b5\''bd\''c4\''fa\''b5\''c4\''ba\''cf\''d7\''f7!
\par
\''d0\''bb\''d0\''bb\''a1\''a3\par
\par
\cf1\f1\fs24\''c7\''eb\''ce\''ca\''ce\''d2\''c4\''dc\''ba\''cd\''c4\''fa\''bc\''d2\ul\b
18\''cb\''ea\''b5\''bd55\''cb\''ea\ulnone\b0\''a3\''ac\ul\b\''ba\''c8\''c6\''a1\''be\''c6\ulnone\b0\''b5\''c4\''bc\''d2\''cd\''a5\''b3\''c9\''d4\''b1\''cc\''b8\''d2\''bb\''cc\''b8\''c2\''f0\''a3\''bf\par
\pard\cf0\lang2052\fs18\par
\par
\lang1033\f0\fs20\par
}


See, the last ') is missing!

But sometime it is OK. For example, when greeting uses another value, I got
complete sql =

insert into project (sid, job_id, proj_guid, name, project_code, note,
qn_ver,greeting) values (
4,4,'08heb4-data','08heb4','',5,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fcharset134
\''cb\''ce\''cc\''e5;}}
{\colortbl ;\red255\green0\blue0;}
\viewkind4\uc1\pard\lang2052\f0\fs24\''c4\''fa\''ba\''c3!\''b4\''f2\''c8\''c5\''c4\''fa\''c1\''cb\''a3\''a8\''b7\''c7\''b3\''a3\''b8\''df\''d0\''cb\''bd\''d3\''cd\''a8\''c4\''fa\''b5\''c4\''b5\''e7\''bb\''b0\''a3\''a9\''a3\''ac\''d5\''e2\''c0\''ef\''ca\''c7\''b1\''b1\''be\''a9\''bb\''aa\''cd\''a8\''c3\''f7\''c2\''d4\''b5\''e7\''bb\''b0\''b7\''c3\par
\par
\''ce\''ca\''d6\''d0\''d0\''c4\''a3\''ac\''ce\''d2\''ca\''c7__\''ba\''c5\''b7\''c3\''ce\''ca\''d4\''b1,\''c7\''eb\''ce\''ca\''c4\''fa\''d5\''e2\''c0\''ef\''ca\''c7\''bc\''d2\''cd\''a5\''b5\''e7\''bb\''b0\''c2\''f0\''a3\''bf\cf1
(\''b7\''c3\''ce\''ca\''d4\''b1\''d7\''a2\''d2\''e2:\''c8\''f4\''b2\''bb\par
\par
\''ca\''c7,\''c7\''eb\''b9\''d2\''b6\''cf\''b5\''e7\''bb\''b0)
\cf0\''ce\''d2\''c3\''c7\''d5\''fd\''d4\''da\''c8\''ab\''b9\''fa\''b7\''b6\''ce\''a7\''c4\''da\''bd\''f8\''d0\''d0\''d2\''bb\''cf\''ee\''bc\''d2\''cd\''a5\''c8\''d5\''d3\''c3\''c6\''b7\''b7\''bd\''c3\''e6\''b5\''c4\''b7\''c3\''ce\''ca,\''cf\''eb\par
\par
\''c7\''eb\''bd\''cc\''c4\''fa\''bc\''b8\''b8\''f6\''d0\''a1\''ce\''ca\''cc\''e2\''a1\''a3\par
}
')


That is very weird. Greeting is just a string, it can not have special
control character.

I can not use db cmd parapeter, seems sqlite does not support it.

Very appreciate for any help!

~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.

Ryan Liu Shanghai Fengpu Software Co. Ltd
Shanghai , China

http://www.PowerCATI.com Powerful CATI!
http://www.fpsoft.net.cn
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.

 

[Nicholas Paldino [.NET/C# MVP]]

Ryan,

Well, you really shouldn't be doing this kind of concatenation in the
first place. Why aren't you parameterizing the INSERT command, and then
setting the values of the parameters? The readability of the command will
be much better, you will protect yourself from injection attacks, and you
would probably be able to find out where the last quote/parenthesis/whatever
should be.

Right now, with that kind of input, it is a disaster waiting to happen.

 

[Ryan Liu]

Nicholas,

Thanks!

I know string concatenation is not a good approach. But as I said, the
database I am using seems does not support parameter in cmd. I am using
sqlite with its .NET ADO 2.0 wrapper.

I also use StringBuilder, that will help on performance.


System.Diagnostics.Debug.WriteLine(sb.ToString());
sb.Append(")");
System.Diagnostics.Debug.WriteLine(sb.ToString());

It prints same thing twice. The ")" is not appended!

I can think about the way to work around database problem. Is that possible
contains special charater to like "end of line", "backspace"?

I am testing with VS 2005 on Vista Enterprise edition. Both simplifed
Chinese version.

Thanks!

----- Original Message -----
From: "Nicholas Paldino [.NET/C# MVP]" <[email protected]>
Newsgroups: microsoft.public.dotnet.languages.csharp
Sent: Monday, January 14, 2008 1:07 PM
Subject: Re: simple but weird string concatenation

Ryan,

Well, you really shouldn't be doing this kind of concatenation in the
first place. Why aren't you parameterizing the INSERT command, and then
setting the values of the parameters? The readability of the command will
be much better, you will protect yourself from injection attacks, and you
would probably be able to find out where the last
quote/parenthesis/whatever should be.

Right now, with that kind of input, it is a disaster waiting to happen.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Hi,

I build a sql string, but sometime what I got missing the last part --
")".

sql = "insert into project (sid, job_id, name, project_code,
note, qn_ver,greeting) values ( " //greeting
+ proj.ID + ","
+ job.JobTId + ",'"
+ proj.Name.Replace("'", "''") + "','"
+ proj.ProjectCode.Replace("'", "''") + "','"
+ proj.Note.Replace("'", "''") + "',"
+ proj.Version + ",'"
+ proj.Greeting.Replace("'", "''") + "'"
+ ")";


DbTool.ExecNoQuery(sql, conn, trans);

the last column Greeting is Rtf, so quite long: Greeting =

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset134
\'cb\'ce\'cc\'e5;}{\f1\fnil\fcharset134 \'cb\'ce\'cc\'e5;}}
{\colortbl ;\red0\green0\blue255;}
\viewkind4\uc1\pard\fi400\sl-320\slmult0\f0\fs20\par
\'ce\'d2\'c3\'c7\'b5\'c4\'b7\'c3\'ce\'ca\'b4\'f3\'b8\'c5\'bb\'e1\'bb\'a8\'b7\'d1\'c4\'fa\'ca\'ae\'bc\'b8\'b7\'d6\'d6\'d3\'b5\'c4\'ca\'b1\'bc\'e4\'a3\'ac\'cf\'a3\'cd\'fb\'b5\'c3\'b5\'bd\'c4\'fa\'b5\'c4\'ba\'cf\'d7\'f7!
\par
\'d0\'bb\'d0\'bb\'a1\'a3\par
\par
\cf1\f1\fs24\'c7\'eb\'ce\'ca\'ce\'d2\'c4\'dc\'ba\'cd\'c4\'fa\'bc\'d2\ul\b
18\'cb\'ea\'b5\'bd55\'cb\'ea\ulnone\b0\'a3\'ac\ul\b\'ba\'c8\'c6\'a1\'be\'c6\ulnone\b0\'b5\'c4\'bc\'d2\'cd\'a5\'b3\'c9\'d4\'b1\'cc\'b8\'d2\'bb\'cc\'b8\'c2\'f0\'a3\'bf\par
\pard\cf0\lang2052\fs18\par
\par
\lang1033\f0\fs20\par
}

This is what I got: sql =

insert into project (sid, job_id, proj_guid, name, project_code, note,
qn_ver,greeting) values (
3,4,'?¨¤?¦Ì-2','Proj-2','',2,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset134
\''cb\''ce\''cc\''e5;}{\f1\fnil\fcharset134 \''cb\''ce\''cc\''e5;}}
{\colortbl ;\red0\green0\blue255;}
\viewkind4\uc1\pard\fi400\sl-320\slmult0\f0\fs20\par
\''ce\''d2\''c3\''c7\''b5\''c4\''b7\''c3\''ce\''ca\''b4\''f3\''b8\''c5\''bb\''e1\''bb\''a8\''b7\''d1\''c4\''fa\''ca\''ae\''bc\''b8\''b7\''d6\''d6\''d3\''b5\''c4\''ca\''b1\''bc\''e4\''a3\''ac\''cf\''a3\''cd\''fb\''b5\''c3\''b5\''bd\''c4\''fa\''b5\''c4\''ba\''cf\''d7\''f7!
\par
\''d0\''bb\''d0\''bb\''a1\''a3\par
\par
\cf1\f1\fs24\''c7\''eb\''ce\''ca\''ce\''d2\''c4\''dc\''ba\''cd\''c4\''fa\''bc\''d2\ul\b
18\''cb\''ea\''b5\''bd55\''cb\''ea\ulnone\b0\''a3\''ac\ul\b\''ba\''c8\''c6\''a1\''be\''c6\ulnone\b0\''b5\''c4\''bc\''d2\''cd\''a5\''b3\''c9\''d4\''b1\''cc\''b8\''d2\''bb\''cc\''b8\''c2\''f0\''a3\''bf\par
\pard\cf0\lang2052\fs18\par
\par
\lang1033\f0\fs20\par
}


See, the last ') is missing!

But sometime it is OK. For example, when greeting uses another value, I
got complete sql =

insert into project (sid, job_id, proj_guid, name, project_code, note,
qn_ver,greeting) values (
4,4,'08heb4-data','08heb4','',5,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fcharset134
\''cb\''ce\''cc\''e5;}}
{\colortbl ;\red255\green0\blue0;}
\viewkind4\uc1\pard\lang2052\f0\fs24\''c4\''fa\''ba\''c3!\''b4\''f2\''c8\''c5\''c4\''fa\''c1\''cb\''a3\''a8\''b7\''c7\''b3\''a3\''b8\''df\''d0\''cb\''bd\''d3\''cd\''a8\''c4\''fa\''b5\''c4\''b5\''e7\''bb\''b0\''a3\''a9\''a3\''ac\''d5\''e2\''c0\''ef\''ca\''c7\''b1\''b1\''be\''a9\''bb\''aa\''cd\''a8\''c3\''f7\''c2\''d4\''b5\''e7\''bb\''b0\''b7\''c3\par
\par
\''ce\''ca\''d6\''d0\''d0\''c4\''a3\''ac\''ce\''d2\''ca\''c7__\''ba\''c5\''b7\''c3\''ce\''ca\''d4\''b1,\''c7\''eb\''ce\''ca\''c4\''fa\''d5\''e2\''c0\''ef\''ca\''c7\''bc\''d2\''cd\''a5\''b5\''e7\''bb\''b0\''c2\''f0\''a3\''bf\cf1
(\''b7\''c3\''ce\''ca\''d4\''b1\''d7\''a2\''d2\''e2:\''c8\''f4\''b2\''bb\par
\par
\''ca\''c7,\''c7\''eb\''b9\''d2\''b6\''cf\''b5\''e7\''bb\''b0)
\cf0\''ce\''d2\''c3\''c7\''d5\''fd\''d4\''da\''c8\''ab\''b9\''fa\''b7\''b6\''ce\''a7\''c4\''da\''bd\''f8\''d0\''d0\''d2\''bb\''cf\''ee\''bc\''d2\''cd\''a5\''c8\''d5\''d3\''c3\''c6\''b7\''b7\''bd\''c3\''e6\''b5\''c4\''b7\''c3\''ce\''ca,\''cf\''eb\par
\par
\''c7\''eb\''bd\''cc\''c4\''fa\''bc\''b8\''b8\''f6\''d0\''a1\''ce\''ca\''cc\''e2\''a1\''a3\par
}
')


That is very weird. Greeting is just a string, it can not have special
control character.

I can not use db cmd parapeter, seems sqlite does not support it.

Very appreciate for any help!

~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.

Ryan Liu Shanghai Fengpu Software Co. Ltd
Shanghai , China

http://www.PowerCATI.com Powerful CATI!
http://www.fpsoft.net.cn
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.

 

[Ryan Liu]

No matter I use + or StringBuilder, sometime I can not add content.

So simple code, but sometime it works, sometime it does not:

System.Diagnostics.Debug.WriteLine("before: " +
sb.ToString() + "\r\n");
sb.Append("')"); //this line does not always
work!!!!!
System.Diagnostics.Debug.WriteLine("after:" +
sb.ToString() + "\r\n");

before: insert into project (sid, job_id, proj_guid, name, project_code,
note, qn_ver,greeting) values (
4,4,'PJ-87625553-0731-4b88-a7a0-f0ab856eda17','08heb4-data','08heb4','',5,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fcharset134
\''cb\''ce\''cc\''e5;}}
{\colortbl ;\red255\green0\blue0;}
\viewkind4\uc1\pard\lang2052\f0\fs24\''c4\''fa\''ba\''c3!\''b4\''f2\''c8\''c5\''c4\''fa\''c1\''cb\''a3\''a8\''b7\''c7\''b3\''a3\''b8\''df\''d0\''cb\''bd\''d3\''cd\''a8\''c4\''fa\''b5\''c4\''b5\''e7\''bb\''b0\''a3\''a9\''a3\''ac\''d5\''e2\''c0\''ef\''ca\''c7\''b1\''b1\''be\''a9\''bb\''aa\''cd\''a8\''c3\''f7\''c2\''d4\''b5\''e7\''bb\''b0\''b7\''c3\par
\par
\''ce\''ca\''d6\''d0\''d0\''c4\''a3\''ac\''ce\''d2\''ca\''c7__\''ba\''c5\''b7\''c3\''ce\''ca\''d4\''b1,\''c7\''eb\''ce\''ca\''c4\''fa\''d5\''e2\''c0\''ef\''ca\''c7\''bc\''d2\''cd\''a5\''b5\''e7\''bb\''b0\''c2\''f0\''a3\''bf\cf1
(\''b7\''c3\''ce\''ca\''d4\''b1\''d7\''a2\''d2\''e2:\''c8\''f4\''b2\''bb\par
\par
\''ca\''c7,\''c7\''eb\''b9\''d2\''b6\''cf\''b5\''e7\''bb\''b0)
\cf0\''ce\''d2\''c3\''c7\''d5\''fd\''d4\''da\''c8\''ab\''b9\''fa\''b7\''b6\''ce\''a7\''c4\''da\''bd\''f8\''d0\''d0\''d2\''bb\''cf\''ee\''bc\''d2\''cd\''a5\''c8\''d5\''d3\''c3\''c6\''b7\''b7\''bd\''c3\''e6\''b5\''c4\''b7\''c3\''ce\''ca,\''cf\''eb\par
\par
\''c7\''eb\''bd\''cc\''c4\''fa\''bc\''b8\''b8\''f6\''d0\''a1\''ce\''ca\''cc\''e2\''a1\''a3\par
}


after:insert into project (sid, job_id, proj_guid, name, project_code, note,
qn_ver,greeting) values (
4,4,'PJ-87625553-0731-4b88-a7a0-f0ab856eda17','08heb4-data','08heb4','',5,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fcharset134
\''cb\''ce\''cc\''e5;}}
{\colortbl ;\red255\green0\blue0;}
\viewkind4\uc1\pard\lang2052\f0\fs24\''c4\''fa\''ba\''c3!\''b4\''f2\''c8\''c5\''c4\''fa\''c1\''cb\''a3\''a8\''b7\''c7\''b3\''a3\''b8\''df\''d0\''cb\''bd\''d3\''cd\''a8\''c4\''fa\''b5\''c4\''b5\''e7\''bb\''b0\''a3\''a9\''a3\''ac\''d5\''e2\''c0\''ef\''ca\''c7\''b1\''b1\''be\''a9\''bb\''aa\''cd\''a8\''c3\''f7\''c2\''d4\''b5\''e7\''bb\''b0\''b7\''c3\par
\par
\''ce\''ca\''d6\''d0\''d0\''c4\''a3\''ac\''ce\''d2\''ca\''c7__\''ba\''c5\''b7\''c3\''ce\''ca\''d4\''b1,\''c7\''eb\''ce\''ca\''c4\''fa\''d5\''e2\''c0\''ef\''ca\''c7\''bc\''d2\''cd\''a5\''b5\''e7\''bb\''b0\''c2\''f0\''a3\''bf\cf1
(\''b7\''c3\''ce\''ca\''d4\''b1\''d7\''a2\''d2\''e2:\''c8\''f4\''b2\''bb\par
\par
\''ca\''c7,\''c7\''eb\''b9\''d2\''b6\''cf\''b5\''e7\''bb\''b0)
\cf0\''ce\''d2\''c3\''c7\''d5\''fd\''d4\''da\''c8\''ab\''b9\''fa\''b7\''b6\''ce\''a7\''c4\''da\''bd\''f8\''d0\''d0\''d2\''bb\''cf\''ee\''bc\''d2\''cd\''a5\''c8\''d5\''d3\''c3\''c6\''b7\''b7\''bd\''c3\''e6\''b5\''c4\''b7\''c3\''ce\''ca,\''cf\''eb\par
\par
\''c7\''eb\''bd\''cc\''c4\''fa\''bc\''b8\''b8\''f6\''d0\''a1\''ce\''ca\''cc\''e2\''a1\''a3\par
}
')

before: insert into project (sid, job_id, proj_guid, name, project_code,
note, qn_ver,greeting) values (
3,4,'PJ-bbab060d-2b48-493c-a641-6ee05bcb5353','Åàѵ-2','Proj-2','',2,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset134
\''cb\''ce\''cc\''e5;}{\f1\fnil\fcharset134 \''cb\''ce\''cc\''e5;}}
{\colortbl ;\red0\green0\blue255;}
\viewkind4\uc1\pard\fi400\sl-320\slmult0\f0\fs20\par
\''ce\''d2\''c3\''c7\''b5\''c4\''b7\''c3\''ce\''ca\''b4\''f3\''b8\''c5\''bb\''e1\''bb\''a8\''b7\''d1\''c4\''fa\''ca\''ae\''bc\''b8\''b7\''d6\''d6\''d3\''b5\''c4\''ca\''b1\''bc\''e4\''a3\''ac\''cf\''a3\''cd\''fb\''b5\''c3\''b5\''bd\''c4\''fa\''b5\''c4\''ba\''cf\''d7\''f7!
\par
\''d0\''bb\''d0\''bb\''a1\''a3\par
\par
\cf1\f1\fs24\''c7\''eb\''ce\''ca\''ce\''d2\''c4\''dc\''ba\''cd\''c4\''fa\''bc\''d2\ul\b
18\''cb\''ea\''b5\''bd55\''cb\''ea\ulnone\b0\''a3\''ac\ul\b\''ba\''c8\''c6\''a1\''be\''c6\ulnone\b0\''b5\''c4\''bc\''d2\''cd\''a5\''b3\''c9\''d4\''b1\''cc\''b8\''d2\''bb\''cc\''b8\''c2\''f0\''a3\''bf\par
\pard\cf0\lang2052\fs18\par
\par
\lang1033\f0\fs20\par
}
after:insert into project (sid, job_id, proj_guid, name, project_code, note,
qn_ver,greeting) values ( 3,4,'PJ-bbab060d-2b48-493c-a641-6ee05bcb5353','Åàѵ-2','Proj-2','',2,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset134
\''cb\''ce\''cc\''e5;}{\f1\fnil\fcharset134 \''cb\''ce\''cc\''e5;}}
{\colortbl ;\red0\green0\blue255;}
\viewkind4\uc1\pard\fi400\sl-320\slmult0\f0\fs20\par
\''ce\''d2\''c3\''c7\''b5\''c4\''b7\''c3\''ce\''ca\''b4\''f3\''b8\''c5\''bb\''e1\''bb\''a8\''b7\''d1\''c4\''fa\''ca\''ae\''bc\''b8\''b7\''d6\''d6\''d3\''b5\''c4\''ca\''b1\''bc\''e4\''a3\''ac\''cf\''a3\''cd\''fb\''b5\''c3\''b5\''bd\''c4\''fa\''b5\''c4\''ba\''cf\''d7\''f7!
\par
\''d0\''bb\''d0\''bb\''a1\''a3\par
\par
\cf1\f1\fs24\''c7\''eb\''ce\''ca\''ce\''d2\''c4\''dc\''ba\''cd\''c4\''fa\''bc\''d2\ul\b
18\''cb\''ea\''b5\''bd55\''cb\''ea\ulnone\b0\''a3\''ac\ul\b\''ba\''c8\''c6\''a1\''be\''c6\ulnone\b0\''b5\''c4\''bc\''d2\''cd\''a5\''b3\''c9\''d4\''b1\''cc\''b8\''d2\''bb\''cc\''b8\''c2\''f0\''a3\''bf\par
\pard\cf0\lang2052\fs18\par
\par
\lang1033\f0\fs20\par
}

 

[Ryan Liu]

One notable thing, for the second example, it does not just refuse append
"')", but also "eat up" "\r\n" and "return/newline" from Debug.WriteLine()

 

[Peter Duniho]

One notable thing, for the second example, it does not just refuse
append "')", but also "eat up" "\r\n" and "return/newline" from
Debug.WriteLine()

I don't really know what's going on, but the String class and
StringBuilder class do not just "eat up" or discard characters.

I suspect that the characters are in the string, assuming you've actually
added them, and that there's simply something about the way you're
inspecting the string that causes those characters to appear to be missing.

Pete

 

[Marc Gravell]

But as I said, the database I am using seems does not support parameter in cmd. I am using

sqlite with its .NET ADO 2.0 wrapper.

Which wrapper? A simple search revealed one on Sourceforge with a
"SQLiteParameter : DbParameter", and test cases that use it (as below)
- so are you *sure* you can't use parameters? I can't think that
anyone would seriously build a data-base provider without supporting
parameters... think "Bobby Tables"... (or google it if you don't know
the reference)

[not a direct recommendation; I have not used this software...; other
SQLite providers are available!]
http://sourceforge.krugle.com/kse/f...lite-dotnet2/SQLite.NET/testce/TestCases.cs#2

Marc

 

[Ryan Liu]

I don't really know what's going on, but the String class and
StringBuilder class do not just "eat up" or discard characters.

I suspect that the characters are in the string, assuming you've actually
added them, and that there's simply something about the way you're
inspecting the string that causes those characters to appear to be
missing.

Pete

I used UltraEdit, and switch to Hex mode, I can see characters have not been
added.

And I am using it to build a sql string, sometime DbCommand executes,
sometimes throws exception, says sql string has bad token.

From these 2 facts, I think the string does not have been built correctly.

BTW, when I replace ? with @ for parameters in SQLite statement. Sql command
works fine. Just still feel string builder issues is strange.

Thanks,

 

[Jon Skeet [C# MVP]]

I used UltraEdit, and switch to Hex mode, I can see characters have not been
added.

On what? Where are you taking the output from?

And I am using it to build a sql string, sometime DbCommand executes,
sometimes throws exception, says sql string has bad token.

From these 2 facts, I think the string does not have been built correctly.

Well, I'd be *very* surprised if you could show a short but complete
program which genuinely shows StringBuilder.Append to be failing.

BTW, when I replace ? with @ for parameters in SQLite statement. Sql command
works fine. Just still feel string builder issues is strange.

I'm 100% sure it's a failure in your reading of the output rather than
in StringBuilder.

Could you try to produce a short but complete program which
demonstrates the problem?

Jon

 

[Lasse Vågsæther Karlsen]

Nicholas,

Thanks!

I know string concatenation is not a good approach. But as I said, the
database I am using seems does not support parameter in cmd. I am using
sqlite with its .NET ADO 2.0 wrapper.

Which adapter is that?

If you're using the one from http://sqlite.phxsoftware.com/ then it
allows parameter very nicely.

 

[Ryan Liu]

On what? Where are you taking the output from?


Well, I'd be *very* surprised if you could show a short but complete
program which genuinely shows StringBuilder.Append to be failing.


I'm 100% sure it's a failure in your reading of the output rather than
in StringBuilder.

Could you try to produce a short but complete program which
demonstrates the problem?

Jon

I wrote 2 short and complete programs to do the testing, but it works fine,
so I am not uploading to the news group. Now I really don't know what's
wrong.

Thanks,