[英]How do you handle a single quote in an asp.net web search
How do you handle special characters in an asp.net web search with SQL Server back end database. 如何使用SQL Server后端数据库处理asp.net Web搜索中的特殊字符。 For example, single quotes and double quotes, etc.
例如,单引号和双引号等。
Replacing the single quote '
or double quotes "
would be done like this 更换单引号
'
或双引号"
就这样进行
StrQuery = "Select * from TableName Where Keyword LIKE '%" + TxtSearchBox.Text + "%'";
StrQuery = StrQuery.Replace("'", "\'");
StrQuery = StrQuery.Replace('"', "\"");
StrQuery = StrQuery.Replace("\", "\\");
Another very important thing is you'd be better off using Parameterized queries . 另一个非常重要的事情是,使用参数化查询会更好。 These will automatically handle the single quotes, and protect you better from SQL Injection.
这些将自动处理单引号,并更好地保护您免受SQL Injection。
SET QUOTED_IDENTIFIER would follow the ISO rules regarding quotation mark delimiting identifiers and literal strings. SET QUOTED_IDENTIFIER将遵循有关引号定界标识符和文字字符串的ISO规则。 Identifiers delimited by double quotation marks can be either Transact-SQL reserved keywords or can contain characters not generally allowed by the Transact-SQL syntax rules for identifiers.
用双引号引起来的标识符可以是Transact-SQL保留关键字,也可以包含Transact-SQL语法规则通常不允许使用的字符作为标识符。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.