C# : Why is the value of empno between single quotes even though the empno is defined as an integer?

Question

string sql = "select * from e where empno= ' " + datagridview.currentrow.cells(0).value.tostring() + " ' ";

Why is the value of empno between single quotes even though the empno is defined as an integer?

Why do you ask to us? I am sure that none here has put that quotes there — Steve, Aug 12 '21 at 14:21
Please don't create SQL statements by concatenating values, please learn how to use sql parameters. — phuzi, Aug 12 '21 at 14:22
[What are good ways to prevent SQL injection?](https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection) • [SqlCommand Parameters Add vs. AddWithValue](https://stackoverflow.com/questions/21110001/sqlcommand-parameters-add-vs-addwithvalue) — , Aug 12 '21 at 16:50

score -1 · Accepted Answer · answered Aug 12 '21 at 14:47

May i make a suggestion to make your code easier to read. When working with string formatting, use interpolation rather than the '+' operator.

String interpolation provides a more readable and convenient syntax to create formatted string.

Example :

// Replace this line
string sql = "select * from e where empno= ' " + datagridview.currentrow.cells(0).value.tostring() + " ' "; 

// By this one
string sql = $"select * from e where empno='{datagridview.currentrow.cells(0).value.tostring()}'";

Documentation : String Interpolation

Do not encourage SQL injection. – mjwills Aug 12 '21 at 22:28 — mjwills, Aug 12 '21 at 22:28

C# : Why is the value of empno between single quotes even though the empno is defined as an integer?

1 Answers1