
Question: String variable as literal

kihoshk@gmail.com
Guest
 
Posts: n/a
#1: Dec 15 '05
I have what I THINK is an incredibly simple question, though I can't
resolve it.

I have a reference that returns a string which oftentimes contains "\".
These returned strings are produced by a DLL, which is out of my
control. The string is assigned to a variable:

string returnedValue;
returnedValue=Encrypt("my data");
(returnedValue is assigned something like "x9wk2\nSjsk"; notice the
"\n")

I need the string to be interpreted literally elsewhere in my code
(it's being injected into a table, and the escape-sequences are being
processed in the queries and erroring-out the commands), but when I try
to convert the escape-sequence character, nothing changes:

returnedValue=returnedValue.Replace("\\","\\\\")
-or-
returnedValue=returnedValue.Replace(@"\",@"\\")

(returnedValue is still "x9wk2\nSjsk")

I'm tearing my hair out here; what am I missing?


Bruce Wood
Guest
 
Posts: n/a
#2: Dec 15 '05

re: Question: String variable as literal


How do you know that the contents of the string are, really,
"x9wk2\nSjsk"? How did you "see" that? In the debugger? The debugger
changes control characters into escape sequences so that you can read
them. If you saw this in the debugger, then your string probably
doesn't contain a character "\" followed by a "n", but rather a newline
character, which is probably why your database barfed.

Anyway, you should never inject data directly into SQL queries. You
should, instead, do one of two things:

1. Write a static "EscapeTextForSql" method that cleans up your text
before you inject it into your query, in particular removing
non-printable characters and doubling all single quotes.

or

2. Use SqlParameters rather than building a complete query string.

Jon Skeet [C# MVP]
Guest
 
Posts: n/a
#3: Dec 17 '05

re: Question: String variable as literal


kihoshk@gmail.com <kihoshk@gmail.com> wrote:
> I have what I THINK is an incredibly simple question, though I can't
> resolve it.
>
> I have a reference that returns a string which oftentimes contains "\".
> These returned strings are produced by a DLL, which is out of my
> control. The string is assigned to a variable:
>
> string returnedValue;
> returnedValue=Encrypt("my data");
> (returnedValue is assigned something like "x9wk2\nSjsk"; notice the
> "\n")
>
> I need the string to be interpreted literally elsewhere in my code
> (it's being injected into a table, and the escape-sequences are being
> processed in the queries and erroring-out the commands), but when I try
> to convert the escape-sequence character, nothing changes:
>
> returnedValue=returnedValue.Replace("\\","\\\\")
> -or-
> returnedValue=returnedValue.Replace(@"\",@"\\")
>
> (returnedValue is still "x9wk2\nSjsk")
>
> I'm tearing my hair out here; what am I missing?

What exactly is processing the queries? If it's a SQL query, you should
use SQL parameters instead. Unless it's actually a C# compiler, you
almost certainly don't want to perform the same escaping as C# needs...

--
Jon Skeet - <skeet@pobox.com>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
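
The two points made in the replies above (the debugger's escaped rendering versus the real characters, and SQL parameters instead of escaping), as an added example that is not code from any poster in this thread. It assumes, as Bruce Wood suggests, that the string holds a real newline; the sample value is constructed and the table and column names (Secrets, Payload) are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // part of .NET Framework; a separate package on newer .NET
using System.Text;

static class LiteralVsEscapeDemo
{
    // Render a string the way a debugger displays it: control characters as escapes.
    static string DebuggerView(string s)
    {
        var sb = new StringBuilder();
        foreach (char c in s)
        {
            switch (c)
            {
                case '\n': sb.Append("\\n"); break;
                case '\r': sb.Append("\\r"); break;
                case '\t': sb.Append("\\t"); break;
                case '\\': sb.Append("\\\\"); break;
                default: sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Parameterized INSERT: the value is sent as data and never parsed as SQL text,
    // so no escaping of quotes, backslashes or control characters is needed.
    static SqlCommand BuildInsert(string value)
    {
        var cmd = new SqlCommand("INSERT INTO Secrets (Payload) VALUES (@payload)");
        cmd.Parameters.Add("@payload", SqlDbType.NVarChar, 4000).Value = value;
        return cmd;
    }

    static void Main()
    {
        // Constructed stand-in for the DLL's return value: a real newline, no backslash.
        string returnedValue = "x9wk2" + (char)10 + "Sjsk";

        Console.WriteLine(DebuggerView(returnedValue));   // what the debugger shows
        Console.WriteLine(returnedValue.Length);          // counts the newline as one char
        Console.WriteLine(returnedValue.IndexOf('\\'));   // is there any backslash to replace?
        Console.WriteLine(returnedValue.Replace(@"\", @"\\") == returnedValue);

        SqlCommand cmd = BuildInsert(returnedValue);
        // To run it: set cmd.Connection to an open SqlConnection, then ExecuteNonQuery().
        Console.WriteLine(cmd.CommandText);               // SQL text never contains the value
        Console.WriteLine(DebuggerView((string)cmd.Parameters["@payload"].Value));
    }
}
```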