0

I want to modify my code like below but after modification my regex dont work. what I am doing wrong?

my code

Regex reg = new Regex("(ALTER TABLE .+ REFERENCES\\s+)\"USER1\"[.](.+)");
richTextBox1.Text = reg.Replace(richTextBox1.Text, "$1$2");

modified code

Regex reg = new Regex(String.Format("(ALTER TABLE .+ REFERENCES\\s+)\"{0}\"[.](.+)",textbox1.text);

richTextBox1.Text = reg.Replace(richTextBox1.Text, "$1$2");
Improve this question
5
  • 1
    Is the {0} in the rickTextBox1.Text? {} are used for defined repeats usually, you could try escaping the braces: \{0\}. Commented Aug 21, 2013 at 7:30
  • 10
    NO NO NO NO NO THIS IS EVEN WORSE THAN CONCATENATION DON'T GENERATE SQL WITH REGEX!!!! Commented Aug 21, 2013 at 7:32
  • seconding It'sNotALie, you are heading for much trouble if you synthesize sql. the risk of sql injection is just too high, if your code will ever be reviewed, it most certainly will not pass. use prepared statements and host variables instead. Commented Aug 21, 2013 at 7:43
  • I dont GENERATE SQL WITH REGEX!!!!. Commented Aug 21, 2013 at 15:52
  • hi jerry, your solution \{0\} gives error each { } : Unrecognized escape sequence Commented Aug 21, 2013 at 15:54

1 Answer 1

Reset to default
3

The fundamental problem with your code stems from the threat of SQL Injection Attacks.

This approach of building the sql statement dynamically with string manipulation is frought with danger, using regexes or not.

STOP NOW

Your more focused problem goes away.

Use some approach that uses parameters substitution. ADO.Net commands with paramters or an ORM or perhaps write a stored procedure.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I dont think it nothing to do with SQL injection. it is just a plain sentence that shows on richtextBox
@user2661591, ok, I see, human assitance is required to perform the attack. Is this just a tool for writing SQL?
just a tool that writing script like TOYS

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.