I like to know is it possible to add parameter in datatable.select(expression).For example
string query="Name=@Name";
//dt is comming from database.
dt.Select(query);
How to add this parameter @Name. I need to compare a value which contains single quote and it gets failed in the above case.
Thanks in advance
You can use String.Format, you need to escape single quotes with two:
string query = string.Format("Name='{0}'", name.Replace(@"'", "''"));
var rows = dt.Select(query);
or, if you want to use Like:
string query = string.Format("Name LIKE '%{0}%'", name.Replace(@"'", "''"));
(note that a DataTable is not vulnerable to sql-injection since it's an in-memory object)
You can pass only expression to Select method.
In case if you need to pass the parameter dynamically then you can try this.
string Exp = "Name ='" + variable + "'";
dt.select(Exp);
来源:https://stackoverflow.com/questions/18535076/can-we-add-parameter-in-datatable-select-in-c-sharp