1

Possible Duplicate:
how to add { in String Format c#

When i'm rewriting always the same thing, i'm used to write what I call a string pattern of it.

Let's say I would like to do SQL injection to extend ORM functionality...

protected static string FULLTEXTPATTERN = "EXISTS CONTAINSTABLE([{0}],*,'\"{1}\"') WHERE [key] = {0}.id;

And usually I got the table name and value that i combine in a string.format(FULLTEXTPATTERN ,...) and everything is fine.

Imagine now, I have to do that in two time. first injecting the table name, then the value I search for. So I would like to write something like:

protected static string FULLTEXTPATTERN = "EXISTS CONTAINSTABLE([{0}],*,'\"{{0}}/*Something that returns {0} after string.format*/\"') WHERE [key] = {0}.id;
...
var PartialPattern= string.fomat(FULLTEXTPATTERN, "TableX");
//PartialPattern = "EXISTS CONTAINSTABLE([TableX],*,'\"{0}\"') WHERE [key] = {0}.id"
...
//later in the code
...
var sqlStatement = string.format(PartialPattern,"Pitming");
//sqlStatement = "EXISTS CONTAINSTABLE([TableX],*,'\"Pitming\"') WHERE [key] = {0}.id"

Is there a way to do it ?

Community
  • 1
  • 1
Pit Ming
  • 401
  • 2
  • 5
  • 13
  • Use placeholders. If your library doesn't support them... switch. (Table names cannot be bound in placeholders so those must be manually injected.) This embedded-to-be-replaced-later `{0}` looks like a nightmare. Consider: `EXISTS CONTAINSTABLE({table},*,@value) WHERE ...` –  Mar 28 '12 at 12:23
  • 1
    Related question: [how to add { in String Format c#](http://stackoverflow.com/questions/9084309/how-to-add-in-string-format-c-sharp/9084352#9084352) – M.Babcock Mar 28 '12 at 12:25
  • Are you just asking how to escape the literal string `{0}`? If so, you've kinda already answered it - you double up the braces `{{0}}`. Can you make you question clearer? – Rob Levine Mar 28 '12 at 12:28
  • When posting code, please post code that will at least compile (`string.fomat`? really?). – Oded Mar 28 '12 at 12:30
  • 1
    this should not be closed as duplicate (even I voted to do), it has some specifics and @AndrasZoltan correctly pointed them – Adrian Iftode Mar 28 '12 at 12:39
  • @AdrianIftode I agree - it's *related* but subtlely different due to the nested `Format`s – Andras Zoltan Mar 28 '12 at 12:47
  • @M.Babcock since you are the only other commenter to vote for closure, and therefore the only one I can msg to, may I suggest you look again at this question and my answer, and consider voting to re-open? – Andras Zoltan Mar 28 '12 at 12:52
  • @AndrasZoltan - I voted, but 3 isn't enough to get it reopened. Maybe there's someone in chat that you can convince to help. – M.Babcock Mar 28 '12 at 12:56
  • @M.Babcock Good idea. I had a look, but it's like a graveyard over there! Ah well. – Andras Zoltan Mar 28 '12 at 13:06
  • @AndrasZoltan - The good news is your answer is likely the best one, and now that it's closed you don't have to worry about competition :D. – M.Babcock Mar 28 '12 at 13:08

2 Answers2

1

Logic says that you would simply put {{{0}}} in the format string to have it reduce down to {0} after the second string.Format call, but you can't - that throws a FormatException. But that's because you need yet another { and }, otherwise it really is not in the correct format :).

What you could do - set your full format to this (note the 4 { and } characters at the end):

"EXISTS CONTAINSTABLE([{0}],*,'\"{{0}}\"') WHERE [key] = {{{{0}}}}.id";

Then your final string will contain the {0} you expect.

As a proof - run this test:

    [TestMethod]
    public void StringFormatTest()
    {
        string result = string.Format(string.Format(
          "{0} {{0}} {{{{0}}}}", "inner"), "middle");
        Assert.AreEqual("inner middle {0}", result);
    }
Andras Zoltan
  • 41,961
  • 13
  • 104
  • 160
0

Is it possible to delay generating SQL to the point at which you have all the required inputs so that you can use one call to String.Format() and multiple fields?

Alternatively, you could you build the query iteratively using a StringBuilder rather than String.Format().

Omaha
  • 2,262
  • 15
  • 18