472,114 Members | 2,191 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,114 software developers and data experts.

How can i escape special characters( % [ _ ) in an Access SQL statement?

i need to escape characters, such as ( % and/or _ and/or [ ),
since i have database entries that have such characters in them.

the following piece works fine in an SQL statement (c#), but doesn't
return entries that have one of the above characters in the argument.

... like '%" + tbProduct.Text.Replace("'", "''") + "%' ...

thanks folks...

--

Nov 27 '06 #1
3 21786
Hi,

Would doing a myString.Replace("X", "[X]") will work.

Joe
--
http://www.csharp-station.com
"forest demon" wrote:
i need to escape characters, such as ( % and/or _ and/or [ ),
since i have database entries that have such characters in them.

the following piece works fine in an SQL statement (c#), but doesn't
return entries that have one of the above characters in the argument.

... like '%" + tbProduct.Text.Replace("'", "''") + "%' ...

thanks folks...

-¿-

Nov 28 '06 #2
dude! that's what i was looking for.

i can stack them like so if need be:
'%" + tbProduct.Text.Replace("'", "''").Replace("%", "[%]")
..Replace("[", "[[]") + "%'

that works fine for me now...

thanks man....i appreciate your input!
Joe Mayo (C# MVP) wrote:
Hi,

Would doing a myString.Replace("X", "[X]") will work.

Joe
--
http://www.csharp-station.com
"forest demon" wrote:
i need to escape characters, such as ( % and/or _ and/or [ ),
since i have database entries that have such characters in them.

the following piece works fine in an SQL statement (c#), but doesn't
return entries that have one of the above characters in the argument.

... like '%" + tbProduct.Text.Replace("'", "''") + "%' ...

thanks folks...

--
Nov 28 '06 #3
Hi!

It is a recommended practice to use @parameters to provide placeholders in
your Sql statements. Construct the Sql statement with parameters and assign
the values by mapping each value to the corresponding parameter. This has
the benefit of a much cleaner Sql statement and avoids potential code
injections.

Let me know if you need additional help on this.

--
With regards
Anders Borum / SphereWorks
Microsoft Certified Professional (.NET MCP)
Nov 28 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by Paul Rubin | last post: by
7 posts views Thread by Wolfgang Jeltsch | last post: by
9 posts views Thread by John Harrison | last post: by
41 posts views Thread by Ruby Tuesday | last post: by
7 posts views Thread by baroque Chou | last post: by
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.