'prevent escape string c#
I have my sql query which displays fields using "where" from a variable. I have my variable passed from a function
string empCode which value is "!\\("
Here's my code:
public List<int> GetSuccessAndFailedCountForTodayForAgent(string empCode)
{
var result = new List<int>();
string query = "SELECT (SELECT COUNT(*) FROM BusinessTransactions WHERE STATUS='Failed' AND ENTEREDDATE='" + DateTime.Now.Date.ToShortDateString() + "' AND AgentEmployeeCode='" + empCode + "') AS FAILED_COUNT, (SELECT COUNT(*) FROM BusinessTransactions WHERE STATUS='Completed' AND ENTEREDDATE='" + DateTime.Now.Date.ToShortDateString() + "' AND AgentEmployeeCode='" + empCode + "') AS SUCCESS_COUNT";
using (SqlConnection conn = new SqlConnection(asynchPaymentDBConnectionString))
{
conn.Open();
using (SqlCommand s = new SqlCommand(query, conn))
{
using (SqlDataReader reader = s.ExecuteReader())
{
try
{
if (reader.HasRows)
{
while (reader.Read())
{
result.Add(reader.GetInt32(0));
result.Add(reader.GetInt32(1));
}
}
}
catch (Exception ex)
{
//do something
}
}
}
}
return result;
}
In my C# the result becomes 0 - 0 which when i try to sql server directly it display a result of 2 - 0
The string !\\( is being treated as !\(
How can I use my string !\\( to my where clause?
EDIT:
I tried using parameters adding:
s.Parameters.Add("@EmployeeCode", SqlDbType.NVarChar, 16);
s.Parameters["@EmployeeCode"].Value = empCode;
Still doesn't work
Solution 1:[1]
To escape a backslash in C# string you can either use a double backslash or prefix the entire string with @ which will treat the string literally and escape all characters.
I.e.
@"foo!\(bar"
will produce the string
foo!\(bar
You can only do this when you are assigning the string to the variable, you can't prefix a variable with @.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Dharman |