开发者

Bizarre Escape Character Question

开发者 https://www.devze.com 2022-12-28 06:17 出处：网络

I hav开发者_如何转开发e the following c# code embedded in a literal <% %> of a c# asp.net page

相关专题：asp.net escaping sqlcommand

I hav开发者_如何转开发e the following c# code embedded in a literal <% %> of a c# asp.net page

string commandString = "SELECT tblData.Content " +
                        "FROM tblData " +
                        "WHERE (tblData.ref = N\'%"+myCurrentREF+"%\')";

This is breaking my code since it apparently cannot use the \' escape character. Why is it so? other escape characters like \" are working so why isn't \' working?

The sequence \" is "working" if you choose " as string terminator.

If you'd use @" as initial string terminator, the sequence \" does not escape the quote (but "" does).

So \" is not a "universal" escape sequence, and \' is none.

You shouldn't need to escape the single quote. but if you do, you can always try the @ approach.

string commandString = "SELECT tblData.Content " +
                    "FROM tblData " +
                    "WHERE (tblData.ref = '%"+myCurrentREF+"%')";

This is the correct way, but instead of = did not mean like?, or you string always start with %?