c# - stringbuilder.tostring() assigned to datatable.select() not always working, any ideas why? -


datarow[] dr = datatable.select(stringbuilder.tostring()); 

this code selects looks like. if parameter of string type, it's fine.but if happens above, doesn't seem work time. fine until yesterday , code broken today.

any ideas cause this? went stringbuilder since constructing select statement concatenating strings

the construction of select statements happen through switch, example compare equality (we're applying filters) below:

select.appendline(filter.column);  select.appendline(" ");  select.appendline(comparisonoperatorsenum.equal);  select.appendline(" '");  select.appendline(filter.value.tostring());  select.appendline("' "); 

i suggest changing appendline append. open sql injection attack. suggest

select.append(filter.value.tostring().replace("'", "\""); 

Comments

Popular posts from this blog

java - UnknownEntityTypeException: Unable to locate persister (Hibernate 5.0) -

python - ValueError: empty vocabulary; perhaps the documents only contain stop words -

ubuntu - collect2: fatal error: ld terminated with signal 9 [Killed] -