Click here to Skip to main content
15,884,592 members
Search within:


Word containing single quote breaks to next column after single quote while filling to oledb dataset in csv file import
Please Sign up or sign in to vote.
0.00/5 (No votes)
Word containing single quote breaks to next column after single quote while filling to OleDb Dataset in csv file import
Word - 4' 9 test June 2019

What I have tried:

C#
string sql = @"SELECT * FROM [" + this.FileName + "]";
            using (OleDbConnection objConnection = new OleDbConnection(ConnectionString))
            using (OleDbCommand command = new OleDbCommand(sql, objConnection))
            using (OleDbDataAdapter objDataAdapter = new OleDbDataAdapter(command))
            {

                try
                {
                    objConnection.Open();
                    objDataAdapter.Fill(dsData);
                }
                catch (Exception ex)
                {}
}
Posted
Updated 3-Sep-19 14:29pm
v2
Add a Solution
Comments
CHill60 3-Sep-19 7:57am    
Your code is vulnerable to SQL Injection attacks.
You are "swallowing" any exceptions - get rid of the try-catch or at very least alert the user to any errors
Member 11220730 3-Sep-19 7:58am    
My issue is Word containing single quote breaks to next column after single quote while filling to oledb dataset in csv file import
Richard MacCutchan 3-Sep-19 8:20am    
What word, where, which line of code? Please edit your question and provide proper details of your problem.
Patrice T 3-Sep-19 8:26am    
Show sample record that make error.

3 solutions

Simple solution: Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

And your problem will go away at the same time...
 
Share this answer
 
Posted
Quote:
Word containing single quote breaks to next column after single quote while filling to OleDb Dataset in csv file import
The reason is—as explained in Solution 1—that your input is not sanitized. Your query is like this,
SQL
SELECT * FROM ['Employee];
INSERT INTO ...
As you can see, your SQL command when built using string concatenation, leaves the string values unescaped and string (as in your case) when not properly quoted can flow over to the next lines.

The solution to this is to use parameters as input, which can help your SQL query builder to properly sanitize the inputs and escape any unwanted values. This can lead to prevention of SQL Injection and these kind of non-SQL Injection problematic inputs. It is possible that a user might input the values unintentionally. Read this fun comic for a humor, xkcd: Exploits of a Mom[^].

Check out this documentation page on Microsoft Docs to learn how this can work in a real world solution, OleDbCommand.Parameters Property (System.Data.OleDb) | Microsoft Docs[^]
 
Share this answer
 
Posted
Quote:
Word containing single quote breaks to next column after single quote while filling to OleDb Dataset in csv file import

When I import a csv (like) file in Excel, I am asked what is the field separator and what is the string delimiter.
Where do you tell those 2 informations in this code.
My experience is that I get least problems with tabs as field separator and nothing for strings delimiter.

You still haven't show sample data.
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How to delete the single quotes( ' ) from my out put grid view C#
Dataverse single choice column showing values on csv file after export
How to generate single excel sheet in an excel file from multiple datasets
Single quote issue in C# dataset
Single quotes issue in HTML
Handling Single Quote Issue in ODBC
Remove Single Quot From Filename
Remove a single double quote in a string
How to find the "classes", "row" and "column" of titanic dataset csv
Interpolation with single quotes in Javascript

Advertise
Privacy
Cookies
Terms of Use
Last Updated 3 Sep 2019
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900