2

I have the code 

var body = @"{
                  ""sender_batch_header"": {
                    ""email_subject"": ""You have a payment"",
                    ""sender_batch_id"": ""batch-1564759643870""
                  },
                  ""items"": [
                    {
                      ""recipient_type"": ""PHONE"",
                      ""amount"": {
                        ""value"": ""1.00"",
                        ""currency"": ""USD""
                      },
                      ""receiver"": ""4087811638"",
                      ""note"": ""Payouts sample transaction"",
                      ""sender_item_id"": ""item-1-1564759643870""
                    },
                    {
                      ""recipient_type"": ""EMAIL"",
                      ""amount"": {
                        ""value"": ""1.00"",
                        ""currency"": ""USD""
                      },
                      ""receiver"": ""ps-rec@paypal.com"",
                      ""note"": ""Payouts sample transaction"",
                      ""sender_item_id"": ""item-2-1564759643870""
                    },
                    {
                      ""recipient_type"": ""PAYPAL_ID"",
                      ""amount"": {
                        ""value"": ""1.00"",
                        ""currency"": ""USD""
                      },
                      ""receiver"": ""FSMRBANCV8PSG"",
                      ""note"": ""Payouts sample transaction"",
                      ""sender_item_id"": ""item-3-1564759643871""
                    }
                  ]
                }";

I want the recipiant's email to be a string/ variable, and so I need to escape the double quote, however nothing Ive tried online works. Is this possible? this code is taken from https://www.paypal.com/apex/product-profile/payouts/createPayouts

I cant use \ to escape it, because I have the modifier @, and its in double quotes, so I cant escape it with more quotes.

I want to make EMAIL a variable that can be changed, not a part of the string's text.

Luke Vanzweden
  • 466
  • 3
  • 15

2 Answers2

4

Just break the @string on the part you need to create a variable. Then after adding the variable, start the string again with @string

var emailVar = ""; //email input

var body = @"{
              ""sender_batch_header"": {
                ""email_subject"": ""You have a payment"",
                ""sender_batch_id"": ""batch-1564759643870""
              },
              ""items"": [
                {
                  ""recipient_type"": ""PHONE"",
                  ""amount"": {
                    ""value"": ""1.00"",
                    ""currency"": ""USD""
                  },
                  ""receiver"": ""4087811638"",
                  ""note"": ""Payouts sample transaction"",
                  ""sender_item_id"": ""item-1-1564759643870""
                },
                {
                  ""recipient_type"": " + "\"" + emailVar + "\"" + @",
                  ""amount"": {
                    ""value"": ""1.00"",
                    ""currency"": ""USD""
                  },
                  ""receiver"": ""ps-rec@paypal.com"",
                  ""note"": ""Payouts sample transaction"",
                  ""sender_item_id"": ""item-2-1564759643870""
                },
                {
                  ""recipient_type"": ""PAYPAL_ID"",
                  ""amount"": {
                    ""value"": ""1.00"",
                    ""currency"": ""USD""
                  },
                  ""receiver"": ""FSMRBANCV8PSG"",
                  ""note"": ""Payouts sample transaction"",
                  ""sender_item_id"": ""item-3-1564759643871""
                }
              ]
            }";
Gabriel Llorico
  • 1,783
  • 1
  • 13
  • 23
  • 1
    If `emailVar` comes from an untrusted source, including it into the string like this can be used for a code injection attack. So, use an escaping function like `HttpUtility.JavaScriptStringEncode` on the string before using it to build JSon manually. – NineBerry Aug 02 '19 at 17:13
1

Instead of building the json string directly, use C# object literal notation to first create the data structure as a .net object and then let .net do the encoding for you.

string eMailAddress = "someone@somewhere.net";

// Create the data using object literal notation in C#
var data = new
{
    sender_batch_header = new
    {
        email_subject = "You have a payment",
        sender_batch_id = "batch-1564759643870"
    },
    items = new[]
    {
        new
        {
            recipient_type = "PHONE",
            amount = new
            {
                value = 1,
                currency = "USD"
            },
            receiver = "4087811638",
            note = "Payouts sample transaction",
            sender_item_id = "item-1-1564759643870"
        },
        new
        {
            recipient_type = "EMAIL",
            amount = new
            {
                value = 1,
                currency = "USD"
            },
            receiver = eMailAddress,
            note = "Payouts sample transaction",
            sender_item_id = "item-2-1564759643870"
        }
    }
};

// Let .net translate it to json either using JavaScriptSerializer (You have to reference system.web.extensions)
string json = new JavaScriptSerializer().Serialize(data);

// or you could use JSON.net from NewtonSoft
// string json = JsonConvert.SerializeObject(data, Formatting.Indented);

MessageBox.Show(json);

See also

NineBerry
  • 26,306
  • 3
  • 62
  • 93
  • 1
    This is a really clean approach. In my case, I needed an array, which is supported as well: `string json = JsonConvert.SerializeObject( new[] { new { op = "replace", path = "/title", value = newTitle } } ` – Jose Miralles May 01 '21 at 19:41