Add string after certain text

Question

1.00/5 (2 votes)

See more:

I have a Where clause like

"copkshopno in ('5') and"

I want to append another filter in my where clause with same parameter like

"copkshopno in ('5,6,7,8') and"

As you see i have appended 6,7,8 how i can achieve this.

What I have tried:

string A = (ctrlParam as DNTextBox).ConnectedField + "in('"; //this one is used because i want to append text after this Text.
whereCondition += whereCondition.IndexOf(A) + string.Join(",", selectItems) + ") and ";

Posted 23-Aug-16 21:31pm

The Praveen Singh

Updated 23-Aug-16 22:21pm

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Karthik_Mahalingam · Accepted Answer · 2016-08-23T22:03:00

Solution 1

use String.Format[^], which will simplify the string concatenation.

C#

int[] items = new int[] { 1,2,3,4};
      string whereIn = string.Format(" in('{0}') and",string.Join(",",items));
      whereCondition += whereIn;

Formatting the sql Query string is vulnerable to SQL Injection[^] attacks
always use Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]

Posted 23-Aug-16 22:03pm

Karthik_Mahalingam

Updated 23-Aug-16 22:14pm

v2

Comments

Maciej Los 24-Aug-16 4:09am

Karthik, i'd NOT recommend to use string concatenation with SQL. OP needs to pass whereIn variable as a parameter into command, instead of concatenating it with whereCondition into single string (command).

Karthik_Mahalingam 24-Aug-16 4:15am

Yes Maciej
updated the solution.
I have just answered to the context.

Maciej Los 24-Aug-16 4:21am

5ed!
Please, see my answer ;)

Karthik_Mahalingam 24-Aug-16 4:27am

Thank you Maciej

The Praveen Singh 24-Aug-16 5:18am

@Karthik Actually you don't undersatnd what i exactly want to ask:-
whereCondition += (ctrlParam as DNTextBox).ConnectedField + " in ('" + string.Join("','", (ctrlParam as DNTextBox).Text.Replace(",", "','")) + "') and ";
Above syntax returns "copkshopno in ('5') and"
Again through loop next param comes Shopgroup in which multiple shop were found i want to append that in my wherecondition in query for coshopno.

Karthik_Mahalingam 24-Aug-16 5:21am

post the entire loop code.

The Praveen Singh 24-Aug-16 5:29am

pnl.Controls.CopyTo(arrCtrl, 0);
string whereCondition = string.Empty;
string SelectedValue = "";
//bool selectShop = false;
List<control> list = new List<control>(arrCtrl);
foreach (HtmlControl genParam in list.FindAll(p => { return (p is HtmlGenericControl); }))
{
if ((ctrlParam as DNTextBox).InputTable.ToLower() == "tashop")
{
whereCondition += (ctrlParam as DNTextBox).ConnectedField + " in ('" + string.Join("','", (ctrlParam as DNTextBox).Text.Replace(",", "','")) + "') and ";
}
if ((ctrlParam as DNTextBox).InputTable.ToLower() == "tashopgroups")
{
string selectItems = Parameters.getShopGroup(string.Join("','", (ctrlParam as DNTextBox).Text));
//Select items returns shop no on the basis of shop group which i want to append
if (selectItems == "")
{
string value = XYX.GUI.MultiLanguage.DNMultiLanguage.GetMessage("noshopfound");
string sccript = "<script>alertify.alert('" + value + "');</script>";
Page.ClientScript.RegisterStartupScript(GetType(), "key", sccript);
return;
}
}

}

Karthik_Mahalingam 24-Aug-16 5:34am

what does this contains
(ctrlParam as DNTextBox).Text

The Praveen Singh 24-Aug-16 5:41am

this is contains Value of Textbox.

The Praveen Singh 24-Aug-16 5:31am

if (whereCondition.Contains((ctrlParam as DNTextBox).ConnectedField))
{
//here i want to apend.
}

Karthik_Mahalingam 24-Aug-16 5:52am

append in between?

The Praveen Singh 24-Aug-16 6:03am

yes

The Praveen Singh 24-Aug-16 5:32am

//here ConnectedField return Param Names.

Karthik_Mahalingam 24-Aug-16 5:35am

as comma seperated?

The Praveen Singh 24-Aug-16 5:36am

yes

Karthik_Mahalingam 24-Aug-16 6:12am

try lke this in loop
string columnName = (ctrlParam as DNTextBox).ConnectedField;
string text = ctrlParam as DNTextBox).Text; // csv , nvarchar column in db
var values = text.Split(',');
whereCondition += string.Format("{0} in ('{1}')", columnName, string.Join("','", values));

The Praveen Singh 24-Aug-16 6:27am

this will return like this copkshopno in ('5') and copkshopno in ('1','2','3','4')

which does not provide expected result because of AND operator.

The Praveen Singh 24-Aug-16 6:27am

and I can't use OR operator here due to dependency of Other params.

The Praveen Singh 24-Aug-16 6:25am

before second parameter came Value look like copkshopno in ('5') and i want to append a String value='1,2,3' into in operator after 5.

Karthik_Mahalingam 24-Aug-16 6:29am

first store all the values in a variable from the loop and then use the above code..

The Praveen Singh 24-Aug-16 6:34am

sure i have store all value in variable after that i used your code this will return like this copkshopno in ('5') and copkshopno in ('1','2','3','4')

Karthik_Mahalingam 24-Aug-16 6:37am

List<string> Items = new List<string> ();
foreach (.......)
{
string text = ctrlParam as DNTextBox).Text; // csv , nvarchar column in db
Items.Add(text);
}

whereCondition += string.Format("{0} in ('{1}')", columnName, string.Join("','", Items));

The Praveen Singh 24-Aug-16 6:45am

how to get only 5,6,7 from "copkshopno in ('5,6,7') and"

Maciej Los · Accepted Answer · 2016-08-23T22:21:00

Note: this is not exact answer, but...

I want to warn you about SQL Injection[^]
How To: Protect From SQL Injection in ASP.NET[^]
Security Considerations (Entity Framework)[^]
Securing Your Database Server[^]

Conclusion: Do not concatenate string to build SQL command! Use parameterized queries instead!
How to: Execute a Parameterized Query[^]
How to: Execute a Parameterized Entity SQL Query Using EntityCommand[^]
Configuring Parameters and Parameter Data Types[^]