I have a small program that manually creates queries. In pseudo code, it's basically done like this

    string[] a = new string[x];
    a[0] = "data 1";
    a[1] = "data 2";
    a[2] = "data 3";
    string query = "insert into x (y) values(";
    for i {
        query += a[i] + ",";
    }
    query += ");";

I'm aware that this usage is sub-optimal and I should do a complete re-write at some point.
Now I need to add some binary data to the a-array.
Given a byte[] b, how can I add it to the query?
I haven't tried, but I'm assuming that b.toString() or just query+=b is gonna corrupt my data?

1 Answer

5

Don't put it in the SQL to start with. Use a parameterized query: it'll be a lot easier, and won't risk SQL injection attacks.

4 Comments

I know, I know. Call me lazy but right now I'd really like to "just get it to work". The whole script, which is much larger, is gonna need to be rewritten from scratch altogether in the future, but I would really like to get this to work without that.
@Claes: Doing it properly with a parameterized query is likely to be simpler than fudging it to do it the wrong way. Parameterized queries aren't hard to write. Also note that if you want binary data, starting with a string isn't a great idea.
Hang on, why am I upvoting Jon Skeet? Isn't his name actually pronounced 'Jon Upwards-pointing-orange-arrow-with-a-large-integer-next-to-it'?
@Tom: Ok, I can take a hint ;) I know that what I'm doing is wrong, I shall repent. Thanks Jon.
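
The parameterized approach recommended in the answer, as an added example that is not part of the original answer or comments. The page names no language or database, so Python with the built-in sqlite3 module is an assumption; the table name x comes from the question, while the column names and sample values are constructed for illustration.

```python
import sqlite3


def insert_row(conn, values):
    """Insert one row into x; every value, text or bytes, is bound as a parameter."""
    # Only '?' markers are concatenated into the SQL text, never the data itself.
    placeholders = ", ".join("?" for _ in values)
    conn.execute(f"INSERT INTO x VALUES ({placeholders})", values)


def demo():
    conn = sqlite3.connect(":memory:")
    # Hypothetical schema: three text columns plus one BLOB column.
    conn.execute("CREATE TABLE x (y1 TEXT, y2 TEXT, y3 TEXT, payload BLOB)")

    # Constructed sample data: text containing quote characters, and bytes that
    # would not survive string concatenation (NUL, quote, semicolon, non-UTF-8).
    tricky = "data '2'; --"
    b = bytes([0x00, 0x27, 0x3B, 0xFF, 0xFE, 0x0A])

    insert_row(conn, ["data 1", tricky, "data 3", b])

    row = conn.execute("SELECT y1, y2, y3, payload FROM x").fetchone()
    count = conn.execute("SELECT COUNT(*) FROM x").fetchone()[0]
    conn.close()
    return row, count, tricky, b


if __name__ == "__main__":
    row, count, tricky, b = demo()
    print("rows stored:", count)
    print("text round-trips:", row[1] == tricky)
    print("bytes round-trip:", row[3] == b)
```

The byte array is handed to the driver as-is and comes back byte-for-byte identical, so no string conversion or escaping of the binary data is ever needed.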
