Escaping verbatim string literals
https://stackoverflow.com/questions/652310
-
19-08-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have the following string which won't compile:
String formLookupPull = @"SELECT value1, '"+tableName+"', '"+columnName+"' FROM lkpLookups WHERE ""table"" = '" + tableName + "' and ""field"" = '" + columnName + "';";
The offending sections are :
""table"" =
and
""field"" =
The compiler is getting all mixed up on the escape sequence. Can anyone see what's wrong?
Solution
The problem is that not all the strings you are concatenating are verbatim string literals, only the first portion of the concatenation is.
In other words,
@"SELECT value1, '"
is the only verbatim literal in the entire statement to build the final string.
You would need to add @ in front of the rest of your strings to make them all verbatim.
Which would make it look like:
String formLookupPull = @"SELECT value1, '"+tableName+ @"', '"+columnName+ @"' FROM lkpLookups WHERE ""table"" = '" + tableName + @"' and ""field"" = '" + columnName + @"';";
OTHER TIPS
To address your title question...
To escape the quote in a verbatim string literal, use the quote-escape-sequence "" (that's two quote characters)
string a = @"He said ""Hi!""..."; // He said "Hi!"...
See MSDN for more details on escaping, etc.
Note that in your posted code, the only verbatim string is the very first one (with the @ before it). The subsequent strings are not verbatim, so the proper escape sequence would be \".
You can make it look prettier with string.Format:
String formLookupPull =
string.Format(@"SELECT value1, '{0}', '{1}' FROM lkpLookups" +
@"WHERE ""table"" = '{0}' and ""field"" = '{1}';",
tableName, columnName)
You want to use \" to escape quotes, not "".
Like this:
.. FROM lkpLookups WHERE \"table\" = '" ..
Edit:
Further explanation:
You only have an @ on the first of all the strings you're concatenating. In literal strings (with an @ in front) you escape quotes with a double quote. In normal strings, it's slash-quote.
Eg.
string s = @"this is a literal string with ""quotes"" in it, "
+ "and this is a normal string with \"quotes\" in it";
string t = @"two literal strings" + @", concatenated together.";
Well after your first end of quote, the @ symbol is no longer being used anyways so you are free to use the escape character. Try putting your "table" wrapped in '[' like [table] and [field] or escaping the " character with a \.
String formLookupPull = @"SELECT value1, '" + tableName + "', '" + columnName + "' FROM lkpLookups WHERE [table] = '" + tableName + "' and [field] = '" + columnName + "';";
If you cannot use SQL Parameters, String.Format can be little cleaner and readable than pure "+ concatenation".
string formLookupPull =
string.Format(@"SELECT value1, '{0}', '{1}'
FROM lkpLookups
WHERE ""table"" = '{0}' AND ""field"" = '{1}';",
tableName, columnName);
String formLookupPull = @"SELECT value1, '"+tableName+"', '"+columnName+"' FROM lkpLookups WHERE \"table\" = '" + tableName + "' and \"field\" = '" + columnName + "';";
I also trust that you are escaping these variables correctly before building this query :)
Why are you quoting the literal names of the columns, seem unnecessary to me.
"SELECT value1, " + tableName + "," + columnName +" FROM lkpLookups WHERE table = '" + tableName + "' and field = '" = columnName + "';";
Not tested but I think you will get the idea.
