C# newbie string concatenation question

Question

I have the following code in a project I'm working on:

foreach(DataTable myTable in myDataSet.Tables)
{
string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = "'" + myTable.TableName + "'"
MessageBox.Show(sSQL);
}

For some reason, the second apostrophe (') is not getting added to the string. In fact, anything I try to append after myTable.TableName, doesn't get appended. If I replace myTable.TableName with the name of a table, it works! If I use a variable, and set that to a table name, it works too!

Can anyone tell me what I'm doing wrong here?

Thanks for any information!

hey, why the downvote? it's a perfctly reasonable question :) — Antony Scott
– Antony Scott, Commented Aug 6, 2011 at 22:46
string sSQL = "SELECT Name FROM _Columns WHERE Table = " + "'" + myTable.TableName + "'"; — Brendan
– Brendan, Commented Aug 6, 2011 at 22:52
By which you mean "SELECT `Name` FROM _Columns WHERE `Table` = " + "'" + myTable.TableName + "'";? (Little more readable this way) — Ken Wayne VanderLinde
– Ken Wayne VanderLinde, Commented Aug 6, 2011 at 22:57

Guffa · Accepted Answer · 2011-08-06 22:44:39Z

2

That won't even compile, you are ending the string before the first apostrophe.

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'"

answered Aug 6, 2011 at 22:44

Guffa

703k112 gold badges760 silver badges1k bronze badges

Sign up to request clarification or add additional context in comments.

1 Comment

Brendan Over a year ago

It must be something in my project that's causing the issue. I created a new project and tried everything that was suggested here, and they all worked! But when I try in my project, none of them do. Thanks for the help all...

Yahia · Accepted Answer · 2011-08-06 22:43:10Z

1

try

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'";

BEWARE that this code is wide open to SQL injection which is a massive security problem...
Better use Queries with parameters instead!

answered Aug 6, 2011 at 22:43

Yahia

70.5k9 gold badges117 silver badges147 bronze badges

Comments

sternr · Accepted Answer · 2011-08-06 22:43:12Z

1

To put a " inside a string you need to add an escape char before: \"

answered Aug 6, 2011 at 22:43

sternr

6,5569 gold badges46 silver badges64 bronze badges

Comments

zellio · Accepted Answer · 2011-08-06 22:43:13Z

1

you have one too many "

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = "'" + myTable.TableName + "'"

should be

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'"

Also why aren't you using an entity framework like LINQ?

answered Aug 6, 2011 at 22:43

zellio

32.8k1 gold badge46 silver badges64 bronze badges

2 Comments

Brendan Over a year ago

Thanks for replying. I tried that as well, but I'm still getting the same result.

Brendan Over a year ago

Re: LINQ: to use LINQ, do I need some kind of database 'provider' layer that would handle the connection to the database? I'm trying to work with windows installer databases, rather than the standard SQL server, Sybase etc..

Brian · Accepted Answer · 2011-08-06 22:42:44Z

0

Your string should look like this:

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'";

answered Aug 6, 2011 at 22:42

Brian

13.6k13 gold badges62 silver badges103 bronze badges

Comments

Nathan Ratcliff · Accepted Answer · 2011-08-06 22:45:12Z

0

Too many double quotes.

You might try this for easier reading:

string sSQL = string.Format("SELECT `Name` FROM _Columns WHERE `Table` = '{0}'", myTable.TableName)

Should accomplish the same thing.

answered Aug 6, 2011 at 22:45

Nathan Ratcliff

1,50213 silver badges15 bronze badges

Comments

Antony Scott · Accepted Answer · 2011-08-06 22:45:31Z

0

it's not being added because you're ending the string just before it.

take a look at string.Format as an alternative way of constructing strings.

as other(s) have said tat code shouldn't even compile.

answered Aug 6, 2011 at 22:45

Antony Scott

22.1k12 gold badges64 silver badges95 bronze badges

Comments

Mike Richards · Accepted Answer · 2011-08-06 22:45:41Z

0

Others have answered this, but on top of those answers, for this it's easier to use string.Format

var sSQL = string.Format("Select 'Name' FROM _Columns WHERE 'Table' = '{0}'", myTable.TableName);

answered Aug 6, 2011 at 22:45

Mike Richards

5,6773 gold badges30 silver badges35 bronze badges

Comments

Paulo Santos · Accepted Answer · 2011-08-06 22:45:55Z

0

In my opinion, you should avoid building concatenated SQL strings in your code. It's simply evil doing things like that.

However, if you must, try something like this:

foreach(DataTable myTable in myDataSet.Tables)
{
    string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + 
                       myTable.TableName.Replace("'", "''") + "'";
    MessageBox.Show(sSQL);
}

answered Aug 6, 2011 at 22:45

Paulo Santos

11.7k5 gold badges46 silver badges67 bronze badges

Comments

Ken Wayne VanderLinde · Accepted Answer · 2011-08-06 22:48:22Z

0

Try this.

string sSQL = "SELECT `Name` FROM  _Columns WHERE `Table` = '" + myTable.TableName + "'";

edited Aug 6, 2011 at 22:48

Ken Wayne VanderLinde

19.4k5 gold badges51 silver badges76 bronze badges

answered Aug 6, 2011 at 22:45

Scott Munro

13.7k3 gold badges76 silver badges82 bronze badges

Collectives™ on Stack Overflow

C# newbie string concatenation question

10 Answers 10

1 Comment

Comments

Comments

2 Comments

Comments

Comments

Comments

Comments

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

10 Answers 10

1 Comment

Comments

Comments

2 Comments

Comments

Comments

Comments

Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related