tags:

views:

1318

answers:

2
+1  Q: 

Correct way to escape characters in a DataTable Filter Expression

Hi

I would like to know if there is a function to correctly escape string literals for filter expressions.

e.g.

DataTable.Select(String.Format("[name] = '{0}'", MyName))

If MyName contains ' or a number of other key characters an exception is generated. The Microsoft documentation indicates that these charaters should be correctly escaped, however there is a bit of confusion on how this is to be done.

I have tried replacing ' with \' and also ['] as indicated in the documentation, however the query still fails.

Many Thanks

+1  A: 

Balls. Might help if I read the comments of the article I cited!

If I replace ' with two single ' the query works.

Ady  2008-12-22 12:20:16
That's not even DataTable specific, but rather the general way of doing it in SQL. :-)
Tomalak  2008-12-22 12:31:36
Although I use parameterised queries, so don't come across the need for this in SQL. But I get you.
Ady  2008-12-22 12:35:26
If you use parameterized queries you are on the safe side anyway, but a TableFilter is an in-memory subset of SQL, consisting of a WHERE clause that must conform to SQL syntax rules. It's just a string, so no parameters here. That's why this extra step must be taken.
Tomalak  2008-12-22 14:40:08
+1  A: 

Escape the single quote ' by doubling it to ''. Escape * % [ ] characters by wrapping in []. e.g. 

private string EscapeLikeValue(string value)
{
    StringBuilder sb = new StringBuilder(value.Length);
    for (int i = 0; i < value.Length; i++)
    {
        char c = value[i];
        switch (c)
        {
            case ']':
            case '[':
            case '%':
            case '*':
                sb.Append("[").Append(c).Append("]");
                break;
            case '\'':
                sb.Append("''");
                break;
            default:
                sb.Append(c);
                break;
        }
    }
    return sb.ToString();
}

public DataRow[] SearchTheDataTable(string searchText)
{ 
     return myDataTable.Select("someColumn LIKE '" 
                                 + EscapeLikeValue(searchText) + "'");
}

Thanks to examples here

Rory  2010-05-28 10:30:03

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?