Escaping verbatim string literals

Question

I have the following string which won't compile:

String formLookupPull = @"SELECT value1, '"+tableName+"', '"+columnName+"' FROM lkpLookups WHERE ""table"" = '" + tableName + "' and ""field"" = '" + columnName + "';";

The offending sections are :

""table"" =

and

""field"" =

THe compiler is getting all mixed up on the escape sequence. Can anyone see what's wrong?

thaks, brian

Answer 1

You want to use \" to escape quotes, not "".

Like this:

.. FROM lkpLookups WHERE \"table\" = '" ..

Edit:

Further explanation:

You only have an @ on the first of all the strings you're concatenating. In literal strings (with an @ in front) you escape quotes with a double quote. In normal strings, it's slash-quote.

Eg.

string s = @"this is a literal string with ""quotes"" in it, " 
         +  "and this is a normal string with \"quotes\" in it";

string t = @"two literal strings" + @", concatenated together.";

Answer 2

String formLookupPull = @"SELECT value1, '"+tableName+"', '"+columnName+"' FROM lkpLookups WHERE \"table\" = '" + tableName + "' and \"field\" = '" + columnName + "';";

I also trust that you are escaping these variables correctly before building this query :)

Answer 3

Well after your first end of quote, the @ symbol is no longer being used anyways so you are free to use the escape character. Try putting your "table" wrapped in '[' like [table] and [field] or escaping the " character with a \.

String formLookupPull = @"SELECT value1, '" + tableName + "', '" + columnName + "' FROM lkpLookups WHERE [table] = '" + tableName + "' and [field] = '" + columnName + "';";

Answer 4

To address your title question...

To escape the quote in a verbatim string literal, use the quote-escape-sequence "" (that's two quote characters)

string a = @"He said ""Hi!""..."; // He said "Hi!"...

See MSDN for more details on escaping, etc.

Note that in your posted code, the only verbatim string is the very first one (with the @ before it). The subsequent strings are not verbatim, so the proper escape sequence would be \".

You can make it look prettier with string.Format:

String formLookupPull = 
   string.Format(@"SELECT value1, '{0}', '{1}' FROM lkpLookups" +
                 @"WHERE ""table"" = '{0}' and ""field"" = '{1}';", 
                 tableName, columnName)

Answer 5

If you cannot use SQL Parameters, String.Format can be little cleaner and readable than pure "+ concatenation".

string formLookupPull = 
  string.Format(@"SELECT value1, '{0}', '{1}' 
                       FROM lkpLookups 
                   WHERE ""table"" = '{0}' AND ""field"" = '{1}';",
                tableName, columnName);

Answer 6

The problem is that not all the strings you are concatenating are string literals, only the first portion of the concatenation is.

IE:

@"SELECT value1, '"

Is the only literal in the entire statement to build the final string.

You would need to add @ in front of the rest of your strings to make them all literal.

Which would make it look like..

String formLookupPull = @"SELECT value1, '"+tableName+ @"', '"+columnName+ @"' FROM lkpLookups WHERE ""table"" = '" + tableName + @"' and ""field"" = '" + columnName + @"';";

Answer 7

Why are you quoting the literal names of the columns, seem unnecessary to me.

"SELECT value1, " + tableName + "," + columnName +" FROM lkpLookups WHERE table = '" + tableName + "' and field = '" = columnName + "';";

Not tested but I think you will get the idea.