Re: simple but weird string concatenation
- From: "Ryan Liu" <rliu@xxxxxxxxxxxxx>
- Date: Mon, 14 Jan 2008 13:26:17 +0800
Nicholas,
Thanks!
I know string concatenation is not a good approach. But as I said, the
database I am using does not seem to support parameters in cmd. I am using
sqlite with its .NET ADO 2.0 wrapper.
I also use StringBuilder, that will help on performance.
System.Diagnostics.Debug.WriteLine(sb.ToString());
sb.Append(")");
System.Diagnostics.Debug.WriteLine(sb.ToString());
It prints the same thing twice. The ")" is not appended!
I can think about a way to work around the database problem. Is it possible
that it contains a special character like "end of line" or "backspace"?
I am testing with VS 2005 on Vista Enterprise edition. Both are the Simplified
Chinese version.
Thanks!
----- Original Message -----
From: "Nicholas Paldino [.NET/C# MVP]" <mvp@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.dotnet.languages.csharp
Sent: Monday, January 14, 2008 1:07 PM
Subject: Re: simple but weird string concatenation
Ryan,
Well, you really shouldn't be doing this kind of concatenation in the first place. Why aren't you parameterizing the INSERT command, and then setting the values of the parameters? The readability of the command will be much better, you will protect yourself from injection attacks, and you would probably be able to find out where the last quote/parenthesis/whatever should be.
Right now, with that kind of input, it is a disaster waiting to happen.
--
- Nicholas Paldino [.NET/C# MVP]
- mvp@xxxxxxxxxxxxxxxxxxxxxxxxxxx
"Ryan Liu" <rliu@xxxxxxxxxxxxx> wrote in message news:%23WVKiTmVIHA.3400@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I build a sql string, but sometimes what I get is missing the last part -- ")".
sql = "insert into project (sid, job_id, name, project_code, note, qn_ver,greeting) values ( " //greeting
+ proj.ID + ","
+ job.JobTId + ",'"
+ proj.Name.Replace("'", "''") + "','"
+ proj.ProjectCode.Replace("'", "''") + "','"
+ proj.Note.Replace("'", "''") + "',"
+ proj.Version + ",'"
+ proj.Greeting.Replace("'", "''") + "'"
+ ")";
DbTool.ExecNoQuery(sql, conn, trans);
the last column Greeting is Rtf, so quite long: Greeting =
{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset134 \'cb\'ce\'cc\'e5;}{\f1\fnil\fcharset134 \'cb\'ce\'cc\'e5;}}
{\colortbl ;\red0\green0\blue255;}
\viewkind4\uc1\pard\fi400\sl-320\slmult0\f0\fs20\par
\'ce\'d2\'c3\'c7\'b5\'c4\'b7\'c3\'ce\'ca\'b4\'f3\'b8\'c5\'bb\'e1\'bb\'a8\'b7\'d1\'c4\'fa\'ca\'ae\'bc\'b8\'b7\'d6\'d6\'d3\'b5\'c4\'ca\'b1\'bc\'e4\'a3\'ac\'cf\'a3\'cd\'fb\'b5\'c3\'b5\'bd\'c4\'fa\'b5\'c4\'ba\'cf\'d7\'f7! \par
\'d0\'bb\'d0\'bb\'a1\'a3\par
\par
\cf1\f1\fs24\'c7\'eb\'ce\'ca\'ce\'d2\'c4\'dc\'ba\'cd\'c4\'fa\'bc\'d2\ul\b 18\'cb\'ea\'b5\'bd55\'cb\'ea\ulnone\b0\'a3\'ac\ul\b\'ba\'c8\'c6\'a1\'be\'c6\ulnone\b0\'b5\'c4\'bc\'d2\'cd\'a5\'b3\'c9\'d4\'b1\'cc\'b8\'d2\'bb\'cc\'b8\'c2\'f0\'a3\'bf\par
\pard\cf0\lang2052\fs18\par
\par
\lang1033\f0\fs20\par
}
This is what I got: sql =
insert into project (sid, job_id, proj_guid, name, project_code, note, qn_ver,greeting) values ( 3,4,'?¨¤?¦Ì-2','Proj-2','',2,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset134 \''cb\''ce\''cc\''e5;}{\f1\fnil\fcharset134 \''cb\''ce\''cc\''e5;}}
{\colortbl ;\red0\green0\blue255;}
\viewkind4\uc1\pard\fi400\sl-320\slmult0\f0\fs20\par
\''ce\''d2\''c3\''c7\''b5\''c4\''b7\''c3\''ce\''ca\''b4\''f3\''b8\''c5\''bb\''e1\''bb\''a8\''b7\''d1\''c4\''fa\''ca\''ae\''bc\''b8\''b7\''d6\''d6\''d3\''b5\''c4\''ca\''b1\''bc\''e4\''a3\''ac\''cf\''a3\''cd\''fb\''b5\''c3\''b5\''bd\''c4\''fa\''b5\''c4\''ba\''cf\''d7\''f7! \par
\''d0\''bb\''d0\''bb\''a1\''a3\par
\par
\cf1\f1\fs24\''c7\''eb\''ce\''ca\''ce\''d2\''c4\''dc\''ba\''cd\''c4\''fa\''bc\''d2\ul\b 18\''cb\''ea\''b5\''bd55\''cb\''ea\ulnone\b0\''a3\''ac\ul\b\''ba\''c8\''c6\''a1\''be\''c6\ulnone\b0\''b5\''c4\''bc\''d2\''cd\''a5\''b3\''c9\''d4\''b1\''cc\''b8\''d2\''bb\''cc\''b8\''c2\''f0\''a3\''bf\par
\pard\cf0\lang2052\fs18\par
\par
\lang1033\f0\fs20\par
}
See, the last ') is missing!
But sometimes it is OK. For example, when greeting uses another value, I got complete sql =
insert into project (sid, job_id, proj_guid, name, project_code, note, qn_ver,greeting) values ( 4,4,'08heb4-data','08heb4','',5,'{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fcharset134 \''cb\''ce\''cc\''e5;}}
{\colortbl ;\red255\green0\blue0;}
\viewkind4\uc1\pard\lang2052\f0\fs24\''c4\''fa\''ba\''c3!\''b4\''f2\''c8\''c5\''c4\''fa\''c1\''cb\''a3\''a8\''b7\''c7\''b3\''a3\''b8\''df\''d0\''cb\''bd\''d3\''cd\''a8\''c4\''fa\''b5\''c4\''b5\''e7\''bb\''b0\''a3\''a9\''a3\''ac\''d5\''e2\''c0\''ef\''ca\''c7\''b1\''b1\''be\''a9\''bb\''aa\''cd\''a8\''c3\''f7\''c2\''d4\''b5\''e7\''bb\''b0\''b7\''c3\par
\par
\''ce\''ca\''d6\''d0\''d0\''c4\''a3\''ac\''ce\''d2\''ca\''c7__\''ba\''c5\''b7\''c3\''ce\''ca\''d4\''b1,\''c7\''eb\''ce\''ca\''c4\''fa\''d5\''e2\''c0\''ef\''ca\''c7\''bc\''d2\''cd\''a5\''b5\''e7\''bb\''b0\''c2\''f0\''a3\''bf\cf1 (\''b7\''c3\''ce\''ca\''d4\''b1\''d7\''a2\''d2\''e2:\''c8\''f4\''b2\''bb\par
\par
\''ca\''c7,\''c7\''eb\''b9\''d2\''b6\''cf\''b5\''e7\''bb\''b0) \cf0\''ce\''d2\''c3\''c7\''d5\''fd\''d4\''da\''c8\''ab\''b9\''fa\''b7\''b6\''ce\''a7\''c4\''da\''bd\''f8\''d0\''d0\''d2\''bb\''cf\''ee\''bc\''d2\''cd\''a5\''c8\''d5\''d3\''c3\''c6\''b7\''b7\''bd\''c3\''e6\''b5\''c4\''b7\''c3\''ce\''ca,\''cf\''eb\par
\par
\''c7\''eb\''bd\''cc\''c4\''fa\''bc\''b8\''b8\''f6\''d0\''a1\''ce\''ca\''cc\''e2\''a1\''a3\par
}
')
That is very weird. Greeting is just a string, it cannot have special control characters.
I cannot use db cmd parameters, it seems sqlite does not support them.
I would very much appreciate any help!
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Ryan Liu Shanghai Fengpu Software Co. Ltd
Shanghai , China
http://www.PowerCATI.com Powerful CATI!
http://www.fpsoft.net.cn
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
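
The parameterized INSERT that Nicholas recommends, as an added example that is not part of the original thread. It assumes the System.Data.SQLite ADO.NET provider (SQLite itself supports bound parameters) and otherwise uses only provider-neutral ADO.NET interfaces; the `Cmd` helper, the in-memory database and all sample values are constructed for illustration.

```csharp
using System;
using System.Data;
using System.Data.SQLite; // assumption: the System.Data.SQLite ADO.NET provider

static class ParameterizedInsertExample
{
    // Hypothetical helper: builds a command and binds name/value pairs as parameters.
    // Values travel separately from the SQL text, so no quote doubling is needed.
    static IDbCommand Cmd(IDbConnection conn, string sql, params object[] pairs)
    {
        IDbCommand cmd = conn.CreateCommand();
        cmd.CommandText = sql;
        for (int i = 0; i < pairs.Length; i += 2)
        {
            IDbDataParameter p = cmd.CreateParameter();
            p.ParameterName = (string)pairs[i];
            p.Value = pairs[i + 1] ?? DBNull.Value;
            cmd.Parameters.Add(p);
        }
        return cmd;
    }

    static void Main()
    {
        // Constructed sample: RTF-style text with backslashes, quotes and a stray "')".
        string greeting = "{\\rtf1\\ansi \\'cb\\'ce\\par O'Brien (beer)')}";

        using (IDbConnection conn = new SQLiteConnection("Data Source=:memory:"))
        {
            conn.Open();
            using (IDbCommand ddl = Cmd(conn,
                "create table project (sid integer, job_id integer, name text, " +
                "project_code text, note text, qn_ver integer, greeting text)"))
                ddl.ExecuteNonQuery();

            using (IDbCommand ins = Cmd(conn,
                "insert into project (sid, job_id, name, project_code, note, qn_ver, greeting) " +
                "values (@sid, @job_id, @name, @project_code, @note, @qn_ver, @greeting)",
                "@sid", 3, "@job_id", 4, "@name", "Proj-2", "@project_code", "P2",
                "@note", "", "@qn_ver", 2, "@greeting", greeting))
                ins.ExecuteNonQuery();

            // Read the row back and compare: the value is stored byte for byte as data.
            using (IDbCommand q = Cmd(conn,
                "select greeting from project where sid = @sid", "@sid", 3))
                Console.WriteLine((string)q.ExecuteScalar() == greeting
                    ? "stored unchanged" : "value was altered");
        }
    }
}
```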