C# - StringBuilder.ToString() assigned to DataTable.Select() not always working, any ideas why?
DataRow[] dr = datatable.Select(stringbuilder.ToString());
This is what the code that selects looks like. If the parameter is of string type, it's fine. But if it happens as above, it doesn't seem to work all the time. It was fine until yesterday, and the code is broken today.
Any ideas what could cause this? I went with StringBuilder since I'm constructing the select statement by concatenating strings.
The construction of the select statements happens through a switch; for example, to compare for equality (we're applying filters), see below:
select.AppendLine(filter.column);
select.AppendLine(" ");
select.AppendLine(comparisonoperatorsenum.equal);
select.AppendLine(" '");
select.AppendLine(filter.value.ToString());
select.AppendLine("' ");
I suggest changing AppendLine to Append. You are open to a SQL injection attack. I suggest:
select.Append(filter.value.ToString().Replace("'", "\""));
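
An added example, not code from the original post: one way to build the equality filter with Append so no line breaks end up in the expression, with the value escaped the way DataTable filter expressions expect, by doubling single quotes (a different technique from the replacement shown in the answer). The helper names QuoteValue, QuoteColumn and BuildEquals and the sample table are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Text;

static class FilterDemo
{
    // Inside a '...' literal in a DataTable filter expression,
    // a single quote is written as two single quotes.
    static string QuoteValue(object value) =>
        "'" + Convert.ToString(value).Replace("'", "''") + "'";

    // Accept only columns that exist in the table, then bracket the name,
    // escaping '\' and ']' as the expression syntax requires.
    static string QuoteColumn(DataTable table, string name)
    {
        if (!table.Columns.Contains(name))
            throw new ArgumentException("Unknown filter column: " + name);
        return "[" + name.Replace("\\", "\\\\").Replace("]", "\\]") + "]";
    }

    // Append (not AppendLine) keeps the expression on one line.
    static string BuildEquals(DataTable table, string column, object value)
    {
        var select = new StringBuilder();
        select.Append(QuoteColumn(table, column));
        select.Append(" = ");
        select.Append(QuoteValue(value));
        return select.ToString();
    }

    static void Main()
    {
        // Constructed sample data.
        var table = new DataTable();
        table.Columns.Add("Name", typeof(string));
        table.Rows.Add("O'Brien");
        table.Rows.Add("Smith");

        // A value containing a quote is matched as data.
        string filter = BuildEquals(table, "Name", "O'Brien");
        Console.WriteLine(filter + " -> " + table.Select(filter).Length + " row(s)");

        // A value shaped to widen the filter is compared as plain text.
        string hostile = BuildEquals(table, "Name", "x' OR 'a' = 'a");
        Console.WriteLine(hostile + " -> " + table.Select(hostile).Length + " row(s)");
    }
}
```

This covers the equality comparison only; a LIKE filter would also need the wildcard characters in the value escaped.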