3

I want to Execute a line of SQL which looks like this:

conn.Open();
var db = new PetaPoco.Database(conn);
var sql = "INSERT INTO FOO (name) VALUES ( 'foo@bar.com')";
var response = db.Execute(sql);

The problem is that PetaPoco thinks @bar is a parameter. Is there a way to tell it not to treat any @'s specially? My super lame work around was to replace "@" with "at". I live with this shame.

Daniel Williams

2 Answers

5

"You are doing it wrong"™

To avoid SQL injection attacks, and the other nuances of concatenating strings, you should use parameters:

var response = db.Execute("INSERT INTO FOO (name) VALUES (@0)", "foo@bar.com");

Wrong way, but works at least:

var response = db.Execute("INSERT INTO FOO (name) VALUES ('foo@@bar.com')");
Eduardo Molteni
2

You need to use two @ characters to escape it. I think this should work:

var sql = "INSERT INTO FOO (name) VALUES ( 'foo@@bar.com')";
Alan Burstein
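The two answers above in one runnable program, as an added example that is not code from the original question or either answer: it shows why the question's statement is rejected, the parameterized form from the first answer beside a concatenated query and a hostile value that makes the difference visible, and the "@@" escape from the second answer for a literal "@" that must stay in the SQL text. It assumes the NuGet packages PetaPoco.Compiled and System.Data.SQLite.Core and an in-memory SQLite database; the FOO table, its rows, the class name ParameterDemo and the lookup helpers are constructed for this example.

```csharp
// Added example, not code from the original question or answers.
// Assumes the NuGet packages PetaPoco.Compiled and System.Data.SQLite.Core
// and an in-memory SQLite database; the table and rows are constructed here.
using System;
using System.Collections.Generic;
using System.Data.SQLite;
using PetaPoco;

public static class ParameterDemo
{
    // Vulnerable: the value is spliced into the SQL text, so quotes in it
    // rewrite the query. A value like "' OR '1'='1" matches every row.
    public static List<string> LookupConcatenated(Database db, string email)
    {
        var sql = "SELECT name FROM FOO WHERE name = '" + email + "'";
        return db.Fetch<string>(sql);
    }

    // Safe: the value is bound to @0 by the driver. Quotes and "@" inside it
    // are data, so a hostile value simply matches nothing.
    public static List<string> LookupParameterized(Database db, string email)
    {
        return db.Fetch<string>("SELECT name FROM FOO WHERE name = @0", email);
    }

    public static void Main()
    {
        using var conn = new SQLiteConnection("Data Source=:memory:");
        conn.Open();
        var db = new Database(conn);
        db.Execute("CREATE TABLE FOO (name TEXT NOT NULL)");

        // The question's statement: PetaPoco reads "@bar" as a named parameter
        // and refuses to run it because no argument supplies a value for it.
        try
        {
            db.Execute("INSERT INTO FOO (name) VALUES ('foo@bar.com')");
        }
        catch (Exception ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
        }

        // Preferred fix: pass the address as an argument. The "@" travels as
        // data inside the bound value and never reaches the SQL text.
        db.Execute("INSERT INTO FOO (name) VALUES (@0)", "foo@bar.com");
        db.Execute("INSERT INTO FOO (name) VALUES (@0)", "other@example.org");

        // When a literal "@" really must sit in the SQL text (a constant, not
        // user input), "@@" is PetaPoco's escape: it is collapsed to "@" before
        // the statement reaches the driver and no parameter is created.
        db.Execute("INSERT INTO FOO (name) VALUES ('admin@@bar.com')");

        // Same hostile value through both lookups: the concatenated query
        // returns the whole table, the parameterized one returns nothing.
        var hostile = "' OR '1'='1";
        Console.WriteLine("concatenated: " + LookupConcatenated(db, hostile).Count + " rows");
        Console.WriteLine("parameterized: " + LookupParameterized(db, hostile).Count + " rows");
        Console.WriteLine("stored: " + string.Join(", ", db.Fetch<string>("SELECT name FROM FOO ORDER BY name")));
    }
}
```

Use "@@" only for constants you control inside the SQL text; anything that comes from a user, a file or another system belongs in an argument, where PetaPoco binds it as a parameter and the "@" question never arises.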