Escape quote in web.config connection string

Question

Escape quote in web.config connection string

I have a connection string in my web configuration:

<add name="MyConString" connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass"word" providerName="System.Data.SqlClient" />

As you can see, the password has a quotation mark (") (given from another department I cannot change this password for db users).

How can I avoid the code in this connection string?

Btw: I already tried and quot; in line. This did not work - ado.net now received an ArgumenException: "The format of the initialization string does not match the specification starting at index 57." 57, where 'is in my connection string. I also tried to include part of the password in' - also did not work.

Also tried "and \" - web.config could not be parsed.

Thanks for the solution:

I had to combine the double quote escaping and put the password in single quotes:

 <add name="MyConString" connectionString="Server=dbsrv;User ID=myDbUser;Password='somepass&quot;word'" providerName="System.Data.SqlClient" />

+60

asp.net escaping web-config connection-string

Sebastian PR Gingter Jul 05 '10 at 7:50

source share

4 answers

 connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass&quot;word"

Since web.config is XML, you need to avoid five special characters:

& → & ampersand, U + 0026
< → < left angle bracket, less than a character, U + 003C
> → > bracket with a right angle, the sign is greater, U + 003E
" → " quotation mark, U + 0022
' → ' apostrophe, U + 0027

+ not a problem. I suppose.

+40

Emanuele Greco Apr 13 2018-12-14T00:

source share

if " does not work, then try " .

+3

Earl Jan 31 '13 at 20:24

source share

Use " That should work.

+1

spinon Jul 05 '10 at 7:53 on

source share

Oded · Accepted Answer · 2010-07-05 07:53

Use " instead of " to avoid it.

web.config is an XML file, so you should use XML escaping.

 connectionString="Server=dbsrv;User ID=myDbUser;Password=somepass&quot;word"

See this forum.

Update

" should work, but like not, have you tried some other string escape sequences for .NET? \" and "" ?

Update 2:

Try single quotes for connectionString:

 connectionString='Server=dbsrv;User ID=myDbUser;Password=somepass"word'

Or:

 connectionString='Server=dbsrv;User ID=myDbUser;Password=somepass&quot;word'

Update 3:

From MSDN (SqlConnection.ConnectionString property):

To include values that contain a semicolon, a single quote character, or a double quote character, the value must be enclosed in double quotation marks. If the value contains both a semicolon and a double quote character, the value can be enclosed in single quotes.

So:

 connectionString="Server=dbsrv;User ID=myDbUser;Password='somepass&quot;word'"

The problem is not in web.config, but in the connection string format. In the connection string, if you have " in value (key-value pairs), you need to enclose the value in ' . So, while Password=somepass"word does not work, Password='somepass"word' does.

Escape quote in web.config connection string

More articles: