I made a service and it retrieves a SQL command from a physical XML file.

It looks like:

```xml
<Sql>
    <![CDATA[
        SELECT
                MAX(COMM_HIST_NO) AS COMM_HIST_NO
            ,   MAX(COMMUTER_NO) AS COMMUTER_NO
            ,   MAX(ARRIVED_AT_WORK) AS ARRIVED_AT_WORK
            ,   MAX(LEFT_WORK) AS LEFT_WORK

        FROM COMMUTE_HISTORY

        WHERE COMMUTER_NO = {0}
        AND DATEDIFF(DAY, {1}, GETDATE()) = 0
    ]]>
</Sql>
```

And here's what returns the SQL command as a string:

```csharp
// arParams is an Array.
string.Format(xmlDoc.SelectSingleNode("/SVC/Sql").InnerText, arParms)
```

`{1}` is going to be a column name, and I want my `{1}` parameter to be written as a column name, which has no single quotes.

To be specific, MyBatis in Java provides `${param}` and `#{param}`, and the latter one gets rid of single quotes from the string param.

.NET must have developed this feature!

hina10531
  • You want to use parameterized queries. If this is SQL Server, you can use named parameters like `COMMUTER_NO = @commuterNo` in your query, and use `SqlCommand` and `SqlParameter` classes to execute the query with the parameters. – Blorgbeard Oct 17 '14 at 02:29
  • The problem is probably in how arParams is constructed. Can you show us that code? – KC-NH Oct 17 '14 at 02:30
  • [Here's an example](http://stackoverflow.com/questions/7505808/using-parameters-in-sql-statements) of using parameterized queries in C# with SQL Server. – Blorgbeard Oct 17 '14 at 02:31
  • Maybe you can use QUOTENAME({1}) which will make this a valid column name. – SubqueryCrunch Oct 17 '14 at 06:12
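
The approach suggested in the comments, as an added example that is not part of the original thread: the value is bound as a `SqlParameter`, and the column name, which cannot be bound as a parameter, is checked against an allowlist and bracket-quoted before it is formatted into the text. The allowlist contents, the `int` type of `COMMUTER_NO`, the inline template (standing in for the XML file) and the `CommuteQuery` class name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class CommuteQuery
{
    // Template as it could be stored in the XML file: {0} is reserved for an
    // identifier only; the value is a named parameter, never a format slot.
    const string Template = @"
        SELECT MAX(COMM_HIST_NO) AS COMM_HIST_NO
             , MAX(COMMUTER_NO) AS COMMUTER_NO
             , MAX(ARRIVED_AT_WORK) AS ARRIVED_AT_WORK
             , MAX(LEFT_WORK) AS LEFT_WORK
        FROM COMMUTE_HISTORY
        WHERE COMMUTER_NO = @commuterNo
        AND DATEDIFF(DAY, {0}, GETDATE()) = 0";

    // Assumed allowlist: the only columns a caller may use in the date test.
    static readonly HashSet<string> DateColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "ARRIVED_AT_WORK", "LEFT_WORK" };

    public static SqlCommand Build(int commuterNo, string dateColumn)
    {
        if (dateColumn == null || !DateColumns.Contains(dateColumn))
            throw new ArgumentException("Column not allowed: " + dateColumn, "dateColumn");

        // Bracket-quote the identifier, doubling any ']' (the same escaping QUOTENAME applies).
        string quoted = "[" + dateColumn.Replace("]", "]]") + "]";

        var cmd = new SqlCommand(string.Format(Template, quoted));
        // The value travels separately from the SQL text, typed as an int.
        cmd.Parameters.Add("@commuterNo", SqlDbType.Int).Value = commuterNo;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: one allowed column, one rejected string.
        Console.WriteLine(Build(7, "LEFT_WORK").CommandText);
        try { Build(7, "LEFT_WORK; --"); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

Assign a connection to the returned command's `Connection` property before executing it; building the command itself needs no database.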

1 Answer

Sorry, that was a simple mistake.

It worked in the first place. If single quotes are not given around the parameter, '' will not be there.

hina10531