Can we add parameter in datatable.select in c#

I like to know is it possible to add parameter in datatable.select(expression).For example

string query="Name=@Name";          
//dt is comming from database.
dt.Select(query);

How to add this parameter @Name. I need to compare a value which contains single quote and it gets failed in the above case.

Thanks in advance

You can use String.Format, you need to escape single quotes with two:

string query = string.Format("Name='{0}'", name.Replace(@"'", "''"));
var rows = dt.Select(query);

or, if you want to use Like:

string query = string.Format("Name LIKE '%{0}%'", name.Replace(@"'", "''"));

(note that a DataTable is not vulnerable to sql-injection since it's an in-memory object)

You can pass only expression to Select method.

In case if you need to pass the parameter dynamically then you can try this.

string Exp = "Name ='" + variable + "'";

dt.select(Exp);

来源：https://stackoverflow.com/questions/18535076/can-we-add-parameter-in-datatable-select-in-c-sharp

标签

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!