Rather simple question I’ve got a SQL string similar to the following: query =

Question

0

Editorial Team

Asked: June 11, 20262026-06-11T16:40:12+00:00 2026-06-11T16:40:12+00:00

Rather simple question I’ve got a SQL string similar to the following: query =

0

Rather simple question

I’ve got a SQL string similar to the following:

query = "select * from table_name where name ='"+varName+"' and 
date ='"+varDate+"' order by state desc";

The varName, varDate are defined from a previous select query on another db’s table. Their values may have ‘ : / and other special characters within.

Is there a way either by use of C# or SQL that I can “escape” the contents of the varName, varDate in the above select statement?

I’d prefer not to covert special characters 🙂

EDIT:

Forgot to include – the setup is MSSQL

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-11T16:40:13+00:00

Editorial Team

2026-06-11T16:40:13+00:00Added an answer on June 11, 2026 at 4:40 pm

You can parameterise your queries using any reasonably mature API. This support is offered in ADO.NET:

string query = "select * from table_name where name = @name and date = @date order by state desc";
using (SqlCommand cmd = new SqlCommand(query))
{
  cmd.Parameters.Add("@name", name);
  cmd.Parameters.Add("@date", date);
  using (SqlDataReader reader = cmd.ExecuteReader())
  { ... }
}

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Rather simple question I’ve got a SQL string similar to the following: query =

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply