问题描述:

There is a really big application, which is having the problem with single quotes sending to a database while executing a query, as of now using replace function to replace single quote with 2 single quotes which solves the issue for specific attributes, but I want to do a minimal change which can take care of the entire application issue in the DAL layer.

Here is my question :

EXECUTE PROCEDURE sp_procedurename ('1', 'test', 'tester's code', '0')

The above string should be converted to

EXECUTE PROCEDURE sp_procedurename ('1', 'test', 'tester''s code', '0') Or

EXECUTE PROCEDURE sp_procedurename ('1', 'test', 'testers code', '0')

either replacing with 2 single quotes or eliminating it also works.

网友答案:

This should work.

  string pattern = @"(\w+)'(\w+)";
  string replacement = "$1''$2";
  string input = "EXECUTE PROCEDURE sp_procedurename ('1', 'test', 'tester's code', '0')";
  string result = Regex.Replace(input, pattern, replacement);

Use "$1$2" as replacement if you don't want the single quotes.

相关阅读:
Top