Home > Mobile >  funny characters in Sql String
funny characters in Sql String

Time:11-23

I have a query string that works fine if tableStr is for example MSFT. However, if tableStr is BRK-B, the query fails.

    string query = "SELECT * FROM "   tableStr   " where DATE(Date) >= "   "'"   howFarBack.ToString("yyyy-MM-dd")   "'";

How do I get around this?

CodePudding user response:

Per MySQL Documentation, "The identifier quote character is the backtick (`)".

This means that if your table name has special characters in it, you need to surround the identifier with backticks. To avoid SQL injection problems, you should also escape all backticks ` by converting them to double backticks ``.

For all other parameters, use command parameters to avoid SQL injection.

using var cmd = new MySqlCommand();
cmd.CommandText = "SELECT * FROM `"   tableStr.Replace("`", "``")   "` where DATE(Date) >= @howFarBack";
cmd.Parameters.AddWithValue("@howFarBack", howFarBack);

Page link:https//www.codepudding.com/Mobile/619165.html

Prev:Deleting or hiding individual requests from Firefox's Network tab (Developer tools)
Next:Convert string Ex: "Friday, 11 of november of 2022" to DateTime C#
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding