Turning a single quote into an escaped single quote within a string
101,712
Solution 1
Do this so you don't have to think about it:
s = s.Replace("'", @"\'");
Solution 2
Just to show another possible solution if this pertaining to MVC.NET (MVC5+):
var data= JSON.parse('@Html.Raw(HttpUtility.JavaScriptStringEncode(JsonConvert.SerializeObject(Model.memberObj)))');
This allows you to escape AND pass data to views as JavaScript. The key part is:
HttpUtility.JavaScriptStringEncode
Solution 3
I have a quick and dirty function to escape text before using in a mysql insert clause, this might help:
public static string MySqlEscape(Object usString)
{
if (usString is DBNull)
{
return "";
}
else
{
string sample = Convert.ToString(usString);
return Regex.Replace(sample, @"[\r\n\x00\x1a\\'""]", @"\$0");
}
}
Solution 4
Simplest one would be
Server.HtmlEncode(varYourString);
Related videos on Youtube
Author by
Justin Helgerson
Updated on July 09, 2022Comments
-
Justin Helgerson almost 2 years
It pains me to ask this, but, for some reason I have not been able to get this to work (it's late in the day, yes, that's my excuse).
Let's say I have this string:
s = "John's book."
Using the
replace
method from the object String, I want to turn it into this:s = "John\'s book."
I would have expected this code to give me what I want:
s = s.Replace("'", "\\'")
But, that results in:
"John\\'s book."
-
SirPentor almost 12 yearswhat you're doing looks like it should work. Is that result from the debugger? I think VS will "help" by showing a '\\' instead of a '\'.
-
Justin Helgerson almost 12 years@SirPentor - Indeed. I had it right, but, the debugger was showing me a different value.
-
-
Justin Helgerson almost 12 yearsI had tried that previously, and that did not work either. It results in:
John\\'s book.
-
lukiffer almost 12 yearsI think you may just be viewing it in the debugger/inspector which will show it escaped (twice) but if you do
Console.Write()
it should output correctly. -
BeemerGuy almost 12 yearsYou're probably debugging and looking at the result by hovering over
s
in Visual Studio... yes, that shows the escapes; coz that's the truth. But if you output the string somewhere (a text box, or in the console) it'll come out with a single slash. -
Justin Helgerson almost 12 yearsI guess I had it right all along. Although I don't agree that what the debugger was showing is "the truth", because it's not what the value truly is.
-
Manuel Hernandez almost 10 yearsAnyone care to modify this to explain why the literal works when the standards string notatiton does not?
-
BeemerGuy almost 10 years@manuelhe; both
s.Replace("'", @"\'");
ands.Replace("'", "\\'");
will give the same result -- the difference is in the debugger itself; it shows the string value as"John\\'s book."
with an extra slash. But if you output this in Console or a file, you will see the real result"John\'s book."
. -
sapbucket over 6 yearsThis does not work for me. I'm using C#, Sqlite, etc. What I get is a backslash in front of the single quote, which isn't how Sqlite escapes single quotes.
-
JohnP over 6 years@sapbucket as noted, this is for mysql. You could change it to insert the correct esc sequence.
-
Psddp about 6 yearsIs this supposed to work for http header values? I tried but it didn't.