I have the following c# code embedded in a literal <% %> of a c# asp.net page
string commandString = "SELECT tblData.Content " +
"FROM tblData " +
"WHERE (tblData.ref = N\'%"+myCurrentREF+"%\')";
This is breaking my code since it apparently cannot use the \' escape character. Why is it so? other escape characters like \" are working so why isn't \' working?
You shouldn't need to escape the single quote. but if you do, you can always try the @ approach.
The sequence \" is "working" if you choose " as string terminator.
If you'd use @" as initial string terminator, the sequence \" does not escape the quote (but "" does).
So \" is not a "universal" escape sequence, and \' is none.
string commandString = "SELECT tblData.Content " +
"FROM tblData " +
"WHERE (tblData.ref = '%"+myCurrentREF+"%')";
This is the correct way, but instead of = did not mean like?, or you string always start with %?