2

The regex below is not what I exactly need:

Regex.Replace(value.ToString(), "[^0-9a-zA-Z]+", "")

I need to remove escape characters from my string because I am creating one SQL with string and when I have this character ' or this \r\n etc. my Sql generates an error, I cannot use : SqlParameter in this case as I just have a list of SQLs in string, but I can remove the characters that I don't want.

So, I only need to remove these characters:

\r \n ' /\

Added my codes as requested:

private static string ConvertWhetherUsesComas(object value) { // formats with comas or not if (value is String) { // fix problem with break characters such as \/`' value = String.Format("'{0}'", Regex.Replace(value.ToString(), "[^0-9a-zA-Z]+", "")); } else if (value is DateTime) { value = String.Format("'{0}'", value.SafeToDateTime(null).Value.ToString("yyyy-MM-dd hh:mm:ss tt")); } else if (value == null) { value = "NULL"; } else if (value is Boolean) { value = value.SafeToBool(false) == false ? 0 : 1; } return value.ToString(); } private static List<String> ConvertDiferencesToSql<T>(Differences<T> differences, string tableName, string primaryKey) where T : IHasId<int> { var result = new List<String>(); differences.New.ToList().ForEach(newItem => { var fieldNames = new StringBuilder(); var fieldValues = new StringBuilder(); var properties = newItem.GetType().GetProperties().ToList(); properties.ForEach(f => { var propertyName = f.Name.ToUpper() == "ID" ? primaryKey : f.Name; var propertyValue = ConvertWhetherUsesComas(f.GetValue(newItem)); if (propertyValue == "NULL") return; // ignores null values fieldNames.AppendFormat("{0},", propertyName); fieldValues.AppendFormat("{0},", propertyValue); }); var sqlFields = fieldNames.ToString(0, fieldNames.Length - 1); var sqlValues = fieldValues.ToString(0, fieldValues.Length - 1); result.Add(String.Format("INSERT INTO {0} ({1}) VALUES ({2});", tableName, sqlFields, sqlValues)); }); differences.Changed.ForEach(changedRecord => { var fields = new StringBuilder(); changedRecord.ChangedFields.ForEach(changedField => { var propertyName = changedField.Property == "ID" ? primaryKey : changedField.Property; var propertyValue = ConvertWhetherUsesComas(changedField.NewValue); fields.AppendFormat("{0}={1},", propertyName, propertyValue); }); var sqlFields = fields.ToString(0, fields.Length - 1); result.Add(String.Format("UPDATE {0} SET {1} WHERE {2}={3};", tableName, sqlFields, primaryKey, changedRecord.Id)); }); differences.Deleted.ForEach(deletedItem => result.Add(String.Format("DELETE FROM {0} WHERE {1}={2};", tableName, primaryKey, deletedItem.GetId()))); return result; }
Improve this question
3
  • 2
    Prepared statements handles that cases. Can you please show your sql and c# part as well? Commented Apr 28, 2015 at 6:11
  • My application is a replicator software from MSAccess to SqlServer, It is so complex, that I created so many classes that I structured that to send List<string> with all the INSERTS and UPDATES and DELETES, so that's why I can't use SqlParameters I build it previously... the Sql's are simple like "INSERT INTO table (field1,...dynamic by loading the properties of my entity)... Commented Apr 28, 2015 at 6:17
  • But I added my codes in the post for you to see it... @SonerGönül Commented Apr 28, 2015 at 6:19

2 Answers 2

Reset to default
4

You can place these characters into a character class, and replace with string.Empty:

var rgx4 = new Regex(@"[\r\n'/\\]"); var tst = "\r \n ' /\\"; tst = rgx4.Replace(tst, string.Empty);

Result:

enter image description here

A character class usually executes faster, as with alternative list, there is a lot of back-tracking impeding performance.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

If I understood correctly, you want something like this :

Regex.Replace(value.ToString(), "(\\\\n|\\\\r|'|\\/\\\\)+", "")

See here.

Improve this answer

3 Comments

How can I add this character - in this regex? [^0-9a-zA-Z]+ I want to include this character -
In my or yoru regex? In yours, it's already in. The negated set does not incude -. In mine : Regex.Replace(value.ToString(), "(\\\\n|\\\\r|'|\\/\\\\|-)+", "")
Yes, but I changed my idea, it is better to filter only Alphanumeric plus the characters _ - .

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.