EnquoteNCharLiteral(literal, ncharset)

This method validates the literal, adds single quotes if required, prefixes an N, and returns the result.

Declaration

// C#
public static string EnquoteNCharLiteral(string literal, OracleDatabaseNCharset ncharset);

Parameters

  • literal

    The input literal.

  • ncharset

    The database national character set.

Return Value

The literal is returned enclosed in single quotes and prefixed with an N.

Exceptions

ArgumentNullException - Value cannot be null. (Parameter 'identifier')

OracleException - Invalid identifier or literal.

Remarks

This method's purpose is to prevent SQL injection.

Any single quote in the literal is replaced with two single quotes. This is called escaping or overloading. For example, the input string scott's becomes N'scott''s' in the return value.

Empty literals are allowed.

Leading and trailing white space is neither ignored nor trimmed when the literal is quoted.

ODP.NET uses ncharset to verify that the specified database national character set can represent the literal. Alternative representations of quotes can sometimes be used to introduce SQL injection, so an OracleException is thrown if the quotes cannot be correctly represented in the database national character set.
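
The following is an added illustration, not ODP.NET code: it re-implements only the quote doubling and N prefix described in the Remarks, then scans each resulting statement to show where the first string literal ends with and without escaping. The names EnquoteSketch, EnquoteNChar, and LiteralEnd, the query text, and the inputs are constructed for this example, and the sketch does not perform the national character set verification.

```csharp
using System;

static class EnquoteSketch
{
    // Illustrative re-implementation of the documented quoting rules only;
    // it does NOT perform ODP.NET's national character set verification.
    public static string EnquoteNChar(string literal)
    {
        if (literal == null) throw new ArgumentNullException(nameof(literal));
        return "N'" + literal.Replace("'", "''") + "'";
    }

    // Returns the index just past the closing quote of the literal whose
    // opening quote is at sql[open]; a doubled quote ('') stays inside it.
    public static int LiteralEnd(string sql, int open)
    {
        for (int i = open + 1; i < sql.Length; i++)
        {
            if (sql[i] != '\'') continue;
            if (i + 1 < sql.Length && sql[i + 1] == '\'') { i++; continue; }
            return i + 1;
        }
        return -1; // unterminated literal
    }

    static void Main()
    {
        const string prefix = "SELECT id FROM staff WHERE name = "; // constructed query
        string[] inputs = { "scott's", "O'Neil's 'team'", "", "  padded  " }; // constructed inputs

        foreach (string input in inputs)
        {
            string naive = prefix + "N'" + input + "'";   // concatenation without escaping
            string safe = prefix + EnquoteNChar(input);   // quotes doubled, N prefix added

            foreach (string sql in new[] { naive, safe })
            {
                int end = LiteralEnd(sql, prefix.Length + 1); // +1 skips the N
                string trailing = end < 0 ? "<unterminated>" : sql.Substring(end);
                Console.WriteLine($"{sql}\n  text after first literal: [{trailing}]");
            }
        }
    }
}
```

For every escaped statement the text after the first literal is empty, meaning the whole input stayed inside the literal; for unescaped input containing a quote, the remainder of the input falls outside the literal and would be parsed as SQL.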