Can I convert a C# string value to an escaped string literal?
There's a method for this in Roslyn's Microsoft.CodeAnalysis.CSharp package on NuGet:
private static string ToLiteral(string valueTextForCompiler)
{
return Microsoft.CodeAnalysis.CSharp.SymbolDisplay.FormatLiteral(valueTextForCompiler, false);
}
Obviously, this didn't exist at the time of the original question, but it might help people who end up here from Google Search.
Convert a C# string value to an escaped string literal with Roslyn
You can create a SyntaxNode
(LiteralExpressionSyntax
) from the input string and than take the string representation of the created node:
public static string ToLiteral(this string input)
{
return SyntaxFactory.LiteralExpression(SyntaxKind.StringLiteralExpression, SyntaxFactory.Literal(input)).ToFullString();
}
How to convert a string containing escape characters to a string
If you are looking to replace all escaped character codes, not only the code for @
, you can use this snippet of code to do the conversion:
public static string UnescapeCodes(string src) {
var rx = new Regex("\\\\([0-9A-Fa-f]+)");
var res = new StringBuilder();
var pos = 0;
foreach (Match m in rx.Matches(src)) {
res.Append(src.Substring(pos, m.Index - pos));
pos = m.Index + m.Length;
res.Append((char)Convert.ToInt32(m.Groups[1].ToString(), 16));
}
res.Append(src.Substring(pos));
return res.ToString();
}
The code relies on a regular expression to find all sequences of hex digits, converting them to int
, and casting the resultant value to a char
.
C# Convert Escape Characters inside string variable into string literal for SQL query
Your problem is not caused by the escaped characters. Those only matter to C#. When the string is concatenated to your sql query, they will just be a regular carriage return and linefeed.
The real problem is caused by using string concatenation in the first place! You have an apostrophe in your data that will mess up the final query once it is concatenated.
Instead, use a parameterized query and this will not be a problem and you will avoid the sql injection vulnerability too!
// Here is the value of the string which IS NOT actually a verbatim string literal, but a value passed on from a selected dropdown list.
strEmailText = "We're writing in regard to XXX mentioned above.\r\nPlease contact us.\r\nWe're available by direct reply.\r\nThank you for your assistance."
// Here I create the actual SQL string for use to query the database
strSQL = @"SELECT DISTINCT TBL_EmailText.ID FROM TBL_EmailText WHERE TBL_EmailText.Text = @EmailText";
using (var sqlCmd = new SqlCommand(strSQL, conn))
{
sqlCmd.CommandType = CommandType.Text;
sqlCmd.Parameters.Add(new SqlParameter { ParameterName = "@EmailText", SqlDbType = SqlDbType.NVarChar, Value = strEmailText });
using(SqlDataReader rdr = sqlCmd.ExecuteReader())
{
//Do something with the data
}
}
Note the use of the parameter @EmailText
in the sql query and how it is added to the Parameters
collection of the sqlCmd
object.
This approach will eliminate the problem with apostrophes in the query and, more importantly, the sql injection vulnerability.
Escape double quotes in a string
No.
Either use verbatim string literals as you have, or escape the "
using backslash.
string test = "He said to me, \"Hello World\" . How are you?";
The string has not changed in either case - there is a single escaped "
in it. This is just a way to tell C# that the character is part of the string and not a string terminator.
Related Topics
Why Do I Get "'Property Cannot Be Assigned" When Sending an Smtp Email
Transparent Control Over Picturebox
How Is Generic Covariance & Contra-Variance Implemented in C# 4.0
Pass Extra Parameters to an Event Handler
When Should I Use Double Instead of Decimal
Factory Method With Di and Ioc
How to Access Random Item in List
What Is the 'Dynamic' Type in C# 4.0 Used For
Conditionally Change CSS Class in Razor View
Why Use the 'Ref' Keyword When Passing an Object
Dpi Awareness - Unaware in One Release, System Aware in the Other
How to Specify a Path in an Attribute to Map a Property in My Class to a Child Property in My Json
Best Practice For Forcing Garbage Collection in C#