I have a connection string in my web config:
<add name="MyConString" connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass"word" providerName="System.Data.SqlClient" />
As you see, there is a quotation sign ( " ) in the password (given from other dept. I can't change this db users password).
How do I have to escape the quote in this connection string?
Btw: I already tried & quot; in the string. That didn't work - ado.net got an ArgumenException then: "Format of the initialization string does not conform to specification starting at index 57." 57 is where the & quot; is in my connection string. I also tried enclosing the password part in ' - didn't work either.
Also tried "" and \" - web.config can't be parsed then.
Thanks for the solution:
I had to combine the escaping of the double quote and putting the password in single quotes:
<add name="MyConString" connectionString="Server=dbsrv;User ID=myDbUser;Password='somepass"word'" providerName="System.Data.SqlClient" />
Use " instead of " to escape it.
web.config is an XML file so you should use XML escaping.
connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass"word"
See this forum thread.
Update:
" should work, but as it doesn't, have you tried some of the other string escape sequences for .NET? \" and ""?
Update 2:
Try single quotes for the connectionString:
connectionString='Server=dbsrv;User ID=myDbUser;Password=somepass"word'
Or:
connectionString='Server=dbsrv;User ID=myDbUser;Password=somepass"word'
Update 3:
From MSDN (SqlConnection.ConnectionString Property):
To include values that contain a semicolon, single-quote character, or double-quote character, the value must be enclosed in double quotation marks. If the value contains both a semicolon and a double-quote character, the value can be enclosed in single quotation marks.
So:
connectionString="Server=dbsrv;User ID=myDbUser;Password='somepass"word'"
The issue is not with web.config, but the format of the connection string. In a connection string, if you have a " in a value (of the key-value pair), you need to enclose the value in '. So, while Password=somepass"word does not work, Password='somepass"word' does.
connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass"word"
Since the web.config is XML, you need to escape the five special characters:
& -> & ampersand, U+0026< -> < left angle bracket, less-than sign, U+003C> -> > right angle bracket, greater-than sign, U+003E" -> " quotation mark, U+0022' -> ' apostrophe, U+0027
+ is not a problem, I suppose.
if ""
Use " That should work.
Odeds answer is almost complete. Just one thing to add.
- Escape xml special chars like Emanuele Greco said.
- Put the password in single quotes like Oded said
- (this one is new) Escape single ticks with another single tick (ref)
having this password="'; this sould be a valid connection string:
connectionString='Server=dbsrv;User ID=myDbUser;Password='"&&;'
来源:https://stackoverflow.com/questions/3177861/escape-quote-in-web-config-connection-string