string.replace每个'，除了第一个和最后一个

Question

I have a c# project where I call a MySQL query, which is built up from a string I send to the method.

I have a problem if the string has a single quote '

I want to replace it with a \\' so it's safe for MySQL

But when I build up the query I add a single quote and a % in the beginning and the end of the string; for example '%texthere%'

So I need to know how do I replace every single quote except the first and last one?

So it will replace only from: '%thi'stext%'

To this: '%thi\\'stext'%

Answer 1

Simple:

int first = s.IndexOf('\'');
int last = s.LastIndexOf('\'');
string prefix = s.Substring(0, first+1);
string query = s.Substring(first+1, last-first-1);
string suffix = s.Substring(last);
s = prefix + query.Replace("'", "\\'") + suffix;

Of course, you should really use SQL parameters instead.

Answer 2

so stupid me i finally looked over the method alot better

i fixed it by string.Replace("'", "\\'")

BEFORE i add a % & ' the to the beginning and % & ' at the end

i learned alot from you guys, thanks so much

Answer 3

First use a trim function to cut single quotes from each side of the string. Then replace "'" with "\\'" and add the single quotes back to each side of the string. This would not work if ' was the first or last character in the string because it would be trimmed.

Answer 4

The way I have done this before is as follows:

1. Use IndexOf to get the index of the first occurrence of the character.
2. Get a substring of the original string starting at the index found in Step 1
3. Reverse the substring found in Step 2
4. Repeat Step 1 on the reversed string from Step 3, and you are now left with a substring containing the string from after the first ' character to before the last one.
5. Reverse the substring from Step 4 again (to get it back to original order) and replace the remaining ' characters with \\'

6. Rebuild the string using (pseudoCode) -

   finalString = string.Concat( originalString.Substring(0, firstIndex), replacedSubstringFromStep5, originalString.Substring(secondIndex, originalStringLength - 1)

This will get you a string with anything before and including the first ' character and anything after the last one from the original string, and everything in between will be the replaced ' characters that are now escaped for your MySQL query.

Hope this helps!

Edit: note when I did this, it was for string manipulation in an interlinking application, and not for database queries. I do agree it is better to use stored procs and parameters as others have stated; however, the solution I have provided, without getting into best practices and such, will do what OP is seeking.

Answer 5

Reffer bellow link

Strip double quotes from a string in .NET

Replace all double quotes withing String

Hope this one is help you if not get solution than tell me i will give another solution

EDIT Okey so try string like this and give feed back

string query=@"%thi'stext%";

Answer 6

I hope this method helps you: Assuming raw matches the pattern "'%free text here with single quotes%'"

    private string ReplaceSpecial(string raw)
    {
        return String.Format("'%{0}%'", raw.Substring(2, raw.Length - 2).Replace("'", "\\'"));
    }