facing problems with Dictonary object
-
Hi All, I have one sample sql query and in where condition i need to put one value which is coming from dictonary object. sample sql query: select * from XYZ where column1= {0} so, i used string.Format(sql,searchvalue), sql: query with where condition searchvalue: Dictonaryobject(holds key and value) but while debugging it is not replacing dictionary value and it is replacing text like 'System.Collections.Generic.Dictionary`2[System.String,System.String]' i am a bit confused why it is not replacing with dictionary value. can anybody help on this?
fttyhtrhyfytrytrysetyetytesystryrty
-
Hi All, I have one sample sql query and in where condition i need to put one value which is coming from dictonary object. sample sql query: select * from XYZ where column1= {0} so, i used string.Format(sql,searchvalue), sql: query with where condition searchvalue: Dictonaryobject(holds key and value) but while debugging it is not replacing dictionary value and it is replacing text like 'System.Collections.Generic.Dictionary`2[System.String,System.String]' i am a bit confused why it is not replacing with dictionary value. can anybody help on this?
fttyhtrhyfytrytrysetyetytesystryrty
yadlaprasad wrote:
so, i used string.Format(sql,searchvalue),
You need to use
searchvalue["..."]where ... will be your key value. If you directly usesearchvalueyou will only get System.Collections.Generic.Dictionary`2.There are only 10 types of people in this world — those who understand binary, and those who don't.
-
Hi All, I have one sample sql query and in where condition i need to put one value which is coming from dictonary object. sample sql query: select * from XYZ where column1= {0} so, i used string.Format(sql,searchvalue), sql: query with where condition searchvalue: Dictonaryobject(holds key and value) but while debugging it is not replacing dictionary value and it is replacing text like 'System.Collections.Generic.Dictionary`2[System.String,System.String]' i am a bit confused why it is not replacing with dictionary value. can anybody help on this?
fttyhtrhyfytrytrysetyetytesystryrty
To add to Abinhavs' answer: Don't do it that way anyway! When you do, you leave your database open to an SQL injection attack[^] Do it this way
SqlCommand cmd = new SqlCommand("SELECT * FROM xyz WHERE column1=@SV");
cmd.Parameters.AddWithValue("@SV", searchvalue);Note that the convention is SQL keywords in uppercase, tablenames and fields lowercase.
All those who believe in psycho kinesis, raise my hand.
