Add Regex string to database

Question

Add Regex string to database

OSVBNET 1,381

Hello, I have a regex string (near 500 characters) so I created a table for it, since Short String is up to 255 chars I set it to Long String (Memo)
But I can't add it to the db:

OleDb.OleDbCommand("UPDATE MyData SET RegexString = '" + vRegexString + "'", MyConnection)

Syntax error (missing operator) in query expression ''^(([....

Well how can a regex get saved due to its varying chars?
Thank you for helping :)

Answer 1

Viorel 89,396

It seems that you are using the unrecommended and dangerous string concatenation. Try using parameterised queries, something like this:

Dim cmd = new OleDb.OleDbCommand("UPDATE MyData SET RegexString = ?", MyConnection)  
cmd.Parameters.AddWithValue( "s", vRegexString)

There are more approaches that are described in documentation.

OSVBNET 1,381 Reputation points

2022-08-13T20:21:27.887+00:00

Hello and thank you so much.

It works just fine, just 2 things: shall I still use the old method I was using for simple "True" and "False" string update in database or not, and always use parametrized query?

And in your code I didn't get the question mark ? in the first line an the "s" in the second line, shall I use it the same way?
Viorel 89,396 Reputation points

2022-08-13T20:29:26.697+00:00

In case of statements like "UPDATE MyData SET MyColumn = True", you do not have to use parameters. But if it requires a variable value, then string concatenations should be avoided.

In the SQL statement you should use "?" as placeholders, and then add parameters in the same order, using any names.
OSVBNET 1,381 Reputation points

2022-08-13T20:51:58.347+00:00

Thanks again, so it means I can write anything instead of "s"?

Add Regex string to database

1 answer

Activity