I have a SQL query in my C# program that searches or filters some records. When I pass a string value containing an apostrophe, it raises an "incorrect syntax near the keyword" error in my C# program. How do I recognize and escape apostrophes in a SQL search?
My sample input
string Val = "Tests of the 'convergence hypothesis' : a critical note/Daniel Cohen.";
My query
// Val is concatenated straight into the SQL text, so the apostrophe in Val
// terminates the LIKE literal early and breaks the statement.
string MySqlQry = @"SELECT bc.BibId,
stuff(
(SELECT ' ' + bsc.NormValue + ''
FROM BibContents bsc
WHERE bsc.bibid = bc.bibid
AND bsc.tagno = '245'
ORDER BY bsc.Sfld
FOR xml path(''), root('MyString'), TYPE).value('/MyString[1]','varchar(max)') , 1, 1, '') AS Title,
stuff(
(SELECT ' ' + bsc.NormValue + ''
FROM BibContents bsc
WHERE bsc.bibid = bc.bibid
AND bsc.tagno = '020'
ORDER BY bsc.Sfld
FOR xml path(''), root('MyString'), TYPE).value('/MyString[1]','varchar(max)') , 1, 1, '') AS ISBN,
stuff(
(SELECT ' ' + bsc.NormValue + ''
FROM BibContents bsc
WHERE bsc.bibid = bc.bibid
AND bsc.tagno = '250'
ORDER BY bsc.Sfld
FOR xml path(''), root('MyString'), TYPE).value('/MyString[1]','varchar(max)') , 1, 1, '') AS Edition,
stuff(
(SELECT ' ' + bsc.NormValue + ''
FROM BibContents bsc
WHERE bsc.bibid = bc.bibid
AND bsc.tagno = '260'
ORDER BY bsc.Sfld
FOR xml path(''), root('MyString'), TYPE).value('/MyString[1]','varchar(max)') , 1, 1, '') AS Publisher,
(SELECT top(1) Value FROM BibContents
WHERE TagNo='100'
AND Sfld='a'
AND BibId=bc.BibId) AS Author
FROM BibContents bc
WHERE (bc.NormValue LIKE '" + Val + @"%'
OR bc.NormValue LIKE '% " + Val + @"%')
AND bc.TagNo='245'";
model = db.ExecuteStoreQuery<PoDetails>(MySqlQry).ToList();
Any help with a solution is appreciated.
The best solution is to use 'SqlParameter' and prevent SQL injection. – Vladimir
http://stackoverflow.com/questions/8148815/c-sharp-sqlparameters-short-hand – Meff
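The parameterized form the comments point to, as an added example that is not code from the original post. It assumes the EF4 ObjectContext `db` and `PoDetails` type from the question, abbreviates the SELECT list with a placeholder comment, and assumes `NormValue` is a varchar column; `EscapeLikePattern` is a hypothetical helper added here because a parameter stops the apostrophe from breaking the SQL but does not stop `%`, `_` or `[` in the input from acting as LIKE wildcards.

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.Objects;     // EF4 ObjectContext (System.Data.Entity.Core.Objects in EF6)
using System.Data.SqlClient;
using System.Linq;

static class BibSearch
{
    // Hypothetical helper: make the user's text match literally inside a LIKE
    // pattern. Bracket-escaping is SQL Server's own LIKE syntax, so no ESCAPE
    // clause is needed. Order matters: escape '[' first.
    public static string EscapeLikePattern(string s)
    {
        return s.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    public static List<PoDetails> SearchByTitle(ObjectContext db, string val)
    {
        // Same query as the question; the value is sent as parameters instead of
        // being pasted into the SQL text, so an apostrophe in val is just data.
        const string sql = @"SELECT bc.BibId,
/* ... stuff(...) AS Title, ISBN, Edition, Publisher and the Author subquery
   exactly as in the question go here ... */
(SELECT top(1) Value FROM BibContents
WHERE TagNo='100' AND Sfld='a' AND BibId=bc.BibId) AS Author
FROM BibContents bc
WHERE (bc.NormValue LIKE @prefix OR bc.NormValue LIKE @anywhere)
AND bc.TagNo='245'";

        string literal = EscapeLikePattern(val);

        // SqlDbType.VarChar is an assumption matching the column type; an
        // NVarChar parameter against a varchar column forces an implicit
        // conversion that can defeat index use.
        var prefix = new SqlParameter("@prefix", SqlDbType.VarChar, 8000)
        {
            Value = literal + "%"
        };
        var anywhere = new SqlParameter("@anywhere", SqlDbType.VarChar, 8000)
        {
            Value = "% " + literal + "%"   // keeps the leading space used in the question
        };

        return db.ExecuteStoreQuery<PoDetails>(sql, prefix, anywhere).ToList();
    }
}
```

With the input from the question, `@prefix` is sent as `Tests of the 'convergence hypothesis' : a critical note/Daniel Cohen.%` and the statement text never changes, so the apostrophe can neither break the syntax nor alter the query.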