Adding double quote to a string

[rnooraei]

Hi
I would like to add double quote around ListBoxColumn.Items(counter).Value which is comming from listbox, I tried to use "\"" but it did not work.

Thanks for help

For counter = 0 To (ListBoxColumn.Items.Count - 1)
If ListBoxColumn.Items(counter).Selected = True Then
strDynamicSqlCol = ListBoxColumn.Items(counter).Value + " ,"
strSqlCol = strSqlCol + strDynamicSqlCol
End If
Next

 

[jmeckley]

that fact that your variable name is sql leads me to believe this is an injected sql statement

string sql = "select * from table where id=" + 1

if so then stop. you should be using a parameterized query
string sql = "select * from table where id=@id"
when this sql statement is passed to the command object, define the parameter.

cmd.CommandText = sql;
cmd.AddParameterWithValue("id", 1);

if this is something different then use string.format to format the string. BTW you can reduce your code by using the enumerator

StringBuilder builder = new StringBuilder();
foreach(ListItem item in ListBoxColumn.Items)
{
   if(!item.Selected) continue;
   builder.Append("{0}, ", item.Value);
}
string foo = builder.ToString();

or

List<string> values = new List<string>();
foreach(ListItem item in ListBoxColumn.Items)
{
   if(!item.Selected) continue;
   values.Add(item.Value);
}
string foo = string.Join(", ", values.ToArray());

Jason Meckley
Programmer
Specialty Bakers, Inc.