SQL formatting variables

  • Thread starter Thread starter =?iso-8859-1?Q?Andreas_H=E5kansson?=
  • Start date Start date
?

=?iso-8859-1?Q?Andreas_H=E5kansson?=

I have a set of variables (varies in type) which I will need to take
and make "SQL-safe", that is, if the variable is a string i need it
to be converted to 'string' and if it's a bool then it should be
coverted to 0 or 1 etc etc..

The reason for this is that I need to build a query dynamicly and
need the conditions (after the where clause) to be right formatted.

I thought I might be able to use the types in System.Data.SqlTypes
but it seems they are unable to return "SQL-safe" formatted values
(what a shame actually).

I would reeaaaaaaaally like not to have a huge switch (c#) statement
which checks for the type and makes the correct formatting. So does
anyone know of any solution I could use? I've looked and looked in
the System.Data namespaces without any luck.. I've even tried to
use the SqlParameter class since when using with for instance a
SqlCommand, they help give the right format, without any luck =/
 
Hi Andreas,

You will have to do it manually.
Anyway, why don't you rather use parametrized sql stataments instead of
concatenating them?

--
Miha Markic - RightHand .NET consulting & software development
miha at rthand com
www.rthand.com

"Andreas Håkansson" <andreas (at) selfinflicted.org> wrote in message
I have a set of variables (varies in type) which I will need to take
and make "SQL-safe", that is, if the variable is a string i need it
to be converted to 'string' and if it's a bool then it should be
coverted to 0 or 1 etc etc..

The reason for this is that I need to build a query dynamicly and
need the conditions (after the where clause) to be right formatted.

I thought I might be able to use the types in System.Data.SqlTypes
but it seems they are unable to return "SQL-safe" formatted values
(what a shame actually).

I would reeaaaaaaaally like not to have a huge switch (c#) statement
which checks for the type and makes the correct formatting. So does
anyone know of any solution I could use? I've looked and looked in
the System.Data namespaces without any luck.. I've even tried to
use the SqlParameter class since when using with for instance a
SqlCommand, they help give the right format, without any luck =/
 
You mean take the name of the parameter and add it to the querystring
along with a parameter name like @param1 etc and then add a new
SqlParameter object for each @paramXX mapping it to the correct
datatype and value and have the SqlDataAdapter do the trick for me?

--
ANDREAS HÅKANSSON
STUDENT OF SOFTWARE ENGINEERING
andreas (at) selfinflicted.org
"Miha Markic" <miha at rthand com> wrote in message Hi Andreas,

You will have to do it manually.
Anyway, why don't you rather use parametrized sql stataments instead of
concatenating them?

--
Miha Markic - RightHand .NET consulting & software development
miha at rthand com
www.rthand.com

"Andreas Håkansson" <andreas (at) selfinflicted.org> wrote in message
I have a set of variables (varies in type) which I will need to take
and make "SQL-safe", that is, if the variable is a string i need it
to be converted to 'string' and if it's a bool then it should be
coverted to 0 or 1 etc etc..

The reason for this is that I need to build a query dynamicly and
need the conditions (after the where clause) to be right formatted.

I thought I might be able to use the types in System.Data.SqlTypes
but it seems they are unable to return "SQL-safe" formatted values
(what a shame actually).

I would reeaaaaaaaally like not to have a huge switch (c#) statement
which checks for the type and makes the correct formatting. So does
anyone know of any solution I could use? I've looked and looked in
the System.Data namespaces without any luck.. I've even tried to
use the SqlParameter class since when using with for instance a
SqlCommand, they help give the right format, without any luck =/
 
Hi Andreas,

"Andreas Håkansson" <andreas (at) selfinflicted.org> wrote in message
You mean take the name of the parameter and add it to the querystring
along with a parameter name like @param1 etc and then add a new
SqlParameter object for each @paramXX mapping it to the correct
datatype and value and have the SqlDataAdapter do the trick for me?

Exactly.
Actually the trick will do SqlCommand :)
 
Back
Top