backslashing a quote in a string

[glenn]

I have a function call that needs text sent to it for a query. Some fields
require a double quote around the field name so I do my variable as such...

query = "field1 = val1 and \"field2\" = val2";

This is all cool, however, when I send that query string through a function
call it ends up with the following:

query = "field1 = val1 and \\\"field2\\\" = val2";

It backslashes the original backslash that I had to put there in order to
get the compiler to work. Can anyone tell me another way to do this so I
can finish this program? its the last thing I have to figure out...

Thanks,

glenn

 

[Tim Wilson]

Does the following string get you any farther?
string query = @"field1 = val1 and ""field2"" = val2";

 

[glenn]

Well I have been seeing that @ like that and have not figured out what that
is doing, but in this case it won't let me compile after I remove the
backslashes because the double quote throws it off...

glenn

 

[Tim Wilson]

The @ means verbatim or accept the string "as is". The only escapes really
being necessary for quotes. Can you describe your problem in a little more
depth using exact source code snippets where appropriate?

 

[glenn]

Sure thing:

What has happened is I"m working on an old database schema where some of the
fields have spaces in their name. When this happens the database requires
that you put double quotes around the field names when issuing a query. So
here is where I am building the string to make up a query where the user
selects what elements they want to search on. This is only a fragment...

if ( serialbox.Text != "" )

query += "\"Equipment Serial Number\" like '%" + serialbox.Text + "%' ";

before sending this I tested one more time while my brain was fresh and I
think last night that I did not replace the \ with another quote because I
just did it again and its working now. I'm sorry for the trouble. I had
been going since about 5:30am yesterday and it was late...

Thanks for the help,

glenn

 

[Ed Kaim]

Besides the double-quote issue, you should consider the potential security
implications of this code. I don't know what your backend is, but having
someone use something like

';drop foo;select * from foo where bar like '

in the textbox could cause problems down the road.

 

[Chris Tacke, eMVP]

Now that's fun that I never even considered! Time to try breaking the stuff
I already have done.

 

[glenn]

Yes, you are correct, however, this app will only be run on local network
and the code you are seeing is all test code as I'm trying to learn how all
this stuff works. I am very new to webservices and to VS.

Thanks for the pointer though,

glenn