用引号引起来的字符串在oracle中未正确终止
问题描述:
我的插入查询有问题
插入时
因为我的插入语句包含name =''Frank D''Souza''
它在插入时显示以下错误,带引号的字符串未正确终止.
问候
Sushil Dharmar
I have an problem with the insert query
while insertion
since my insert statement contains a name=''Frank D''Souza''
Its showing the following error at the time of insertion, Quoted string not properly terminated.
Regards
Sushil Dharmar
答
用2个单引号('''')替换1个单引号('')
以下内容将为您服务...
" Frank D"''Souza"
Replace 1 Single Quote('') with 2 Single Quotes ('''')
The following will work for you...
''Frank D''''Souza''
解决方案1可以使用,但我相信通常存在诸如此类问题的根本问题.
您不必手动更改数据.
我猜想您正在建立这样的查询:
Solution 1 will work, but I believe there is an underlying problem that usually is the cause of issues like this.
You shouldn''t manually have to alter your data.
I''m guessing you are building your query something like this:
var query = "INSERT .... VALUES ('" + yourValue + "');
您应该使用参数化查询,该查询将解决此问题以及数据库将容易受到的潜在sql注入攻击:
You should be using a paramaterized query which will take care of this and the potential sql injection attack that your database will be vulnerable to:
using (OracleCommand command = new OracleCommand("INSERT .... VALUES( :Name", connection))
{
command.Parameters.Add(new OracleParameter("Name", dogName));
// ... The rest of your code.
}
Kuthuparakkal
即使我以相同的方式创建了该解决方案,当将Value插入数据库中时,我也只是使用了内置函数Replace在asp.net中可用
例如:
字符串nam ="Frank D''Souza";
nam = nam.Replace(''",''''");
现在插入的值将是
仅在数据库中显示D.Souza .
不是 Frank D''''Souza ..:-)
Kuthuparakkal
Even I had founded the solution in the same way, when the Value is been inserted into the database, I just used the inbuild function Replace available in asp.net
For Egs:
string nam="Frank D''Souza";
nam=nam.Replace("''","''''");
now the inserted value would be
Frank D''Souza only in the DataBase..
not the Frank D''''Souza .. :-)