'prevent escape string c#

I have my sql query which displays fields using "where" from a variable. I have my variable passed from a function

string empCode which value is "!\\("

Here's my code:

public List<int> GetSuccessAndFailedCountForTodayForAgent(string empCode)
{
     var result = new List<int>();
     string query = "SELECT (SELECT COUNT(*) FROM BusinessTransactions WHERE STATUS='Failed' AND ENTEREDDATE='" + DateTime.Now.Date.ToShortDateString() + "' AND AgentEmployeeCode='" + empCode + "') AS FAILED_COUNT, (SELECT COUNT(*) FROM BusinessTransactions WHERE STATUS='Completed' AND ENTEREDDATE='" + DateTime.Now.Date.ToShortDateString() + "' AND AgentEmployeeCode='" + empCode  + "') AS SUCCESS_COUNT";
     using (SqlConnection conn = new SqlConnection(asynchPaymentDBConnectionString))
     {
          conn.Open();
          using (SqlCommand s = new SqlCommand(query, conn))
          {
               using (SqlDataReader reader = s.ExecuteReader())
               {
                    try
                    {
                         if (reader.HasRows)
                         {
                               while (reader.Read())
                               {
                                    result.Add(reader.GetInt32(0));
                                    result.Add(reader.GetInt32(1));
                               }
                         }
                   }
                   catch (Exception ex)
                   {
                         //do something
                   }
               }
          }
     }
     return result;
}

In my C# the result becomes 0 - 0 which when i try to sql server directly it display a result of 2 - 0

The string !\\( is being treated as !\(

How can I use my string !\\( to my where clause?

EDIT:

I tried using parameters adding:

s.Parameters.Add("@EmployeeCode", SqlDbType.NVarChar, 16);
s.Parameters["@EmployeeCode"].Value = empCode;

Still doesn't work



Solution 1:[1]

To escape a backslash in C# string you can either use a double backslash or prefix the entire string with @ which will treat the string literally and escape all characters.

I.e.

@"foo!\(bar"

will produce the string

foo!\(bar 

You can only do this when you are assigning the string to the variable, you can't prefix a variable with @.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dharman