Question
I like to know is it possible to add parameter in datatable.select(expression).For example
https://stackoverflow.com/questions/18535076
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianstring query="Name=@Name";
//dt is comming from database.
dt.Select(query);
How to add this parameter @Name. I need to compare a value which contains single quote and it gets failed in the above case.
Thanks in advance
Solution
You can use String.Format, you need to escape single quotes with two:
string query = string.Format("Name='{0}'", name.Replace(@"'", "''"));
var rows = dt.Select(query);
or, if you want to use Like:
string query = string.Format("Name LIKE '%{0}%'", name.Replace(@"'", "''"));
(note that a DataTable is not vulnerable to sql-injection since it's an in-memory object)
OTHER TIPS
You can pass only expression to Select method.
In case if you need to pass the parameter dynamically then you can try this.
string Exp = "Name ='" + variable + "'";
dt.select(Exp);
