Escaping verbatim string literals

问题

I have the following string which won't compile:

String formLookupPull = @"SELECT value1, '"+tableName+"', '"+columnName+"' FROM lkpLookups WHERE ""table"" = '" + tableName + "' and ""field"" = '" + columnName + "';";

The offending sections are :

""table"" =

and

""field"" =

The compiler is getting all mixed up on the escape sequence. Can anyone see what's wrong?

回答1:

The problem is that not all the strings you are concatenating are verbatim string literals, only the first portion of the concatenation is.

In other words,

@"SELECT value1, '"

is the only verbatim literal in the entire statement to build the final string.

You would need to add @ in front of the rest of your strings to make them all verbatim.

Which would make it look like:

String formLookupPull = @"SELECT value1, '"+tableName+ @"', '"+columnName+ @"' FROM lkpLookups WHERE ""table"" = '" + tableName + @"' and ""field"" = '" + columnName + @"';";

回答2:

To address your title question...

To escape the quote in a verbatim string literal, use the quote-escape-sequence "" (that's two quote characters)

string a = @"He said ""Hi!""..."; // He said "Hi!"...

See MSDN for more details on escaping, etc.

Note that in your posted code, the only verbatim string is the very first one (with the @ before it). The subsequent strings are not verbatim, so the proper escape sequence would be \".

You can make it look prettier with string.Format:

String formLookupPull = 
   string.Format(@"SELECT value1, '{0}', '{1}' FROM lkpLookups" +
                 @"WHERE ""table"" = '{0}' and ""field"" = '{1}';", 
                 tableName, columnName)

回答3:

You want to use \" to escape quotes, not "".

Like this:

.. FROM lkpLookups WHERE \"table\" = '" ..

Edit:

Further explanation:

You only have an @ on the first of all the strings you're concatenating. In literal strings (with an @ in front) you escape quotes with a double quote. In normal strings, it's slash-quote.

Eg.

string s = @"this is a literal string with ""quotes"" in it, " 
         +  "and this is a normal string with \"quotes\" in it";

string t = @"two literal strings" + @", concatenated together.";

回答4:

Well after your first end of quote, the @ symbol is no longer being used anyways so you are free to use the escape character. Try putting your "table" wrapped in '[' like [table] and [field] or escaping the " character with a \.

String formLookupPull = @"SELECT value1, '" + tableName + "', '" + columnName + "' FROM lkpLookups WHERE [table] = '" + tableName + "' and [field] = '" + columnName + "';";

回答5:

If you cannot use SQL Parameters, String.Format can be little cleaner and readable than pure "+ concatenation".

string formLookupPull = 
  string.Format(@"SELECT value1, '{0}', '{1}' 
                       FROM lkpLookups 
                   WHERE ""table"" = '{0}' AND ""field"" = '{1}';",
                tableName, columnName);

回答6:

String formLookupPull = @"SELECT value1, '"+tableName+"', '"+columnName+"' FROM lkpLookups WHERE \"table\" = '" + tableName + "' and \"field\" = '" + columnName + "';";

I also trust that you are escaping these variables correctly before building this query :)