C # Three Processing Methods for Special Character single quotes in Database Operations

Method 1: escape characters

Use single quotes as escape characters, that is, two single quotes are used consecutively.

 

Select * From jq_jjjl where BT like '% Female' %'

The above code matches all BT fields in the jq_jjjl table.
Female'. (Pay attention to single quotes)

 

Method 2: sqldataadapter

 

String constr = "Server =" + dbconfig. dbapp_ip + "; user id =" + dbconfig. dbapp_user + "; Password =" + dbconfig. dbapp_passwd + "; database =" + dbconfig. dbapp_dbname + "; Connect timeout = 30"; string comment STR = "select * From wireless_comment e_t"; // create the adapter with the selectcommand TXT and the connection stringsqldataadapter adapter = new sqldataadapter (comment STR, constr); // create the builder for the adapter to automatically generate the command when neededsqlcommandbuilder builder = new sqlcommandbuilder (adapter ); // create and fill the dataset using the wireless_police_tdataset dataset = new dataset (); adapter. fill (dataset, "wireless_inclue_t"); // get the wireless_inclue_t table from the datasetdatatable table = dataset. tables ["wireless_inclue_t"]; // indicate datacolumn wlpid is unique, this is required by the sqlcommandbuilder to update the wireless_inclue_t tabletable. columns ["wlpid"]. unique = true; // new row from the wireless_1_e_t tabledatarow ROW = table. newrow (); // update a column // row ["XXX"] = xxx; // your value assignment statement // now update the wireless_detail e_t using the adapter // The oraclecommandbuilder will create the updatecommand for the adapter to update the wireless_detail e_t tableadapter. update (dataset, "wireless_police_t ");

Method 3: Construct an SQL statement (similar to preparedstatement in Java)

 

 

String constr = "Server =" + dbconfig. dbapp_ip + "; user id =" + dbconfig. dbapp_user + "; Password =" + dbconfig. dbapp_passwd + "; database =" + dbconfig. dbapp_dbname + "; Connect timeout = 30"; sqlconnection conn = new sqlconnection (constr ); // The SQL statement may contain single quotation marks./** string character STR = "Update wireless_person_t set personname = '" + person. getpersonname () + "', personsex ='" + person. getpersonsex () + "', yid ='" + person. Getyid () + "', caseinfoid ='" + person. getcaseinfoid () + "', kind ='" + person. getkind () + "', caseremark ='" + person. getcaseremark () + "', arrivalkind ='" + person. getarrivalkind () + "'where personid =" + person. getpersonid (); **/string character STR = "Update wireless_person_t set personname = @ personname, personsex = '" + person. getpersonsex () + "', yid = @ Yid, caseinfoid ='" + person. getcaseinfoid () + "', kind ='" + person. g Etkind () + "', caseremark = @ caseremark, arrivalkind ='" + person. getarrivalkind () + "'where personid =" + person. getpersonid (); console. writeline (writable Str); // sqlcommand command = new sqlcommand (writable STR, Conn); sqlcommand command = Conn. createcommand (); command. commandtext = comment STR; command. parameters. add (New sqlparameter ("personname", person. getpersonname (); command. parameters. add (New sqlparameter (" Yid ", person. getyid (); command. parameters. add (New sqlparameter ("caseremark", person. getcaseremark (); try {Conn. open (); command. executenonquery (); console. writeline ("information saved! ");} Catch (exception E2) {MessageBox. Show (" An error occurred while saving! "+ E2.message); return;} finally {conn. Close ();}

In the above Code, person is an object instance.