0

I'm working with SQL and C# so I need my string to show up verbatim to what I've type into them. For what I am working on the string needs to say

  • Select* from dbo.tblIndiviualFoods where foodName = 'food'

but when I debug the sting it comes out as

  • Select* from dbo.tblIndiviualFoods where foodName = 'food

here's what my code looks like I'm not quite sure what's wrong

string commandString = string.Format("Select* from dbo.tblIndiviualFoods where foodName = '{0}'", currentIngredentFromList);
Enigmativity
  • 113,464
  • 11
  • 89
  • 172
Alex West
  • 27
  • 3
  • Can't reproduce - https://dotnetfiddle.net/qlHxXt – stuartd Sep 05 '21 at 23:59
  • You say _when I debug the string_ - how are you debugging it? Incidentally I suspect SQL will want a space between the `SELECT` and the `*` – stuartd Sep 06 '21 at 00:01
  • 1
    Also, as a matter of style - prefixing the table name with `tbl` is very old-fashioned - and not ideal as [one day it might be a view, after all](https://dba.stackexchange.com/questions/154251/is-adding-the-tbl-prefix-to-table-names-really-a-problem) - and there's a spelling mistake - it should be 'Indivi**d**ualFoods' – stuartd Sep 06 '21 at 00:06
  • 3
    This is also a recipe for a SQL injection attack. Don't build SQL statements as a string like this. Use parameters properly. – Enigmativity Sep 06 '21 at 00:08
  • @stuartd believe it or not, [DBs don't care](https://www.db-fiddle.com/f/avjzdRB1zTMFxrce3ytUzA/0) about spaces around * – Caius Jard Sep 06 '21 at 06:22
  • Amen to Enigmativity's words. See http://Bobby-tables.com – Caius Jard Sep 06 '21 at 06:23

0 Answers0