469,336 Members | 5,360 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,336 developers. It's quick & easy.

How can i escape special characters( % [ _ ) in an Access SQL statement?

i need to escape characters, such as ( % and/or _ and/or [ ),
since i have database entries that have such characters in them.

the following piece works fine in an SQL statement (c#), but doesn't
return entries that have one of the above characters in the argument.

... like '%" + tbProduct.Text.Replace("'", "''") + "%' ...

thanks folks...

--

Nov 27 '06 #1
3 20932
Hi,

Would doing a myString.Replace("X", "[X]") will work.

Joe
--
http://www.csharp-station.com
"forest demon" wrote:
i need to escape characters, such as ( % and/or _ and/or [ ),
since i have database entries that have such characters in them.

the following piece works fine in an SQL statement (c#), but doesn't
return entries that have one of the above characters in the argument.

... like '%" + tbProduct.Text.Replace("'", "''") + "%' ...

thanks folks...

-¿-

Nov 28 '06 #2
dude! that's what i was looking for.

i can stack them like so if need be:
'%" + tbProduct.Text.Replace("'", "''").Replace("%", "[%]")
..Replace("[", "[[]") + "%'

that works fine for me now...

thanks man....i appreciate your input!
Joe Mayo (C# MVP) wrote:
Hi,

Would doing a myString.Replace("X", "[X]") will work.

Joe
--
http://www.csharp-station.com
"forest demon" wrote:
i need to escape characters, such as ( % and/or _ and/or [ ),
since i have database entries that have such characters in them.

the following piece works fine in an SQL statement (c#), but doesn't
return entries that have one of the above characters in the argument.

... like '%" + tbProduct.Text.Replace("'", "''") + "%' ...

thanks folks...

--
Nov 28 '06 #3
Hi!

It is a recommended practice to use @parameters to provide placeholders in
your Sql statements. Construct the Sql statement with parameters and assign
the values by mapping each value to the corresponding parameter. This has
the benefit of a much cleaner Sql statement and avoids potential code
injections.

Let me know if you need additional help on this.

--
With regards
Anders Borum / SphereWorks
Microsoft Certified Professional (.NET MCP)
Nov 28 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by Paul Rubin | last post: by
7 posts views Thread by Wolfgang Jeltsch | last post: by
9 posts views Thread by John Harrison | last post: by
41 posts views Thread by Ruby Tuesday | last post: by
7 posts views Thread by baroque Chou | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
reply views Thread by suresh191 | last post: by
1 post views Thread by haryvincent176 | last post: by
reply views Thread by Marylou17 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.