unrecognised escape sequence

Question

0.00/5 (No votes)

See more:

hi all i get the unrecognised esscape sequence in the followeing code
""SqlConnection cn = new SqlConnection("Data Source=B4ITCCTVSERVER\SQLEXPRESS;Initial Catalog=login1;Integrated Security=True");""
i get it on the \ in (B4ITCCTVSERVER(\)SQLEXPRESS)
if i remove the \ it compiles but the program doesnt start as soon as i try to connect to the database i get a error, is there a way to remove the \ and not change the directory path?

Posted 23-Jul-15 2:03am

jamesmc1535

Add a Solution

Comments

[no name] 23-Jul-15 8:15am

Use this: B4ITCCTVSERVER\\SQLEXPRESS

...and read this why and how: https://msdn.microsoft.com/de-de/library/362314fe(v=vs.120).aspx[^]

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CHill60 · Accepted Answer · 2015-07-23T02:17:00

Solution 1

It means the compiler does not recognise \S as an escape sequence[^]
Either use B4ITCCTVSERVER\\SQLEXPRESS or precede the entire string with @ which makes the string "verbatim" - see string reference[^]

Posted 23-Jul-15 2:17am

CHill60

Updated 23-Jul-15 2:18am

v5

Comments

Thomas Daniels 23-Jul-15 8:18am

+5.

Sergey Alexandrovich Kryukov 23-Jul-15 15:26pm

Sure, a 5.
—SA

Thomas Daniels · Accepted Answer · 2015-07-23T02:18:00

Solution 2

The reason that you get this error, is because character combinations that start with a backslash in C# string literals are escape sequences[^]. The compiler finds the escape sequence \S in your string, doesn't recognize it, and gives an error.

There are two possible way to resolve it:

Replace the backslash by its escape sequence, a double backslash:

C#

SqlConnection cn = new SqlConnection("Data Source=B4ITCCTVSERVER\\SQLEXPRESS;Initial Catalog=login1;Integrated Security=True");

Make your string literal a verbatim string literal, then the string gets read literally and you don't have to escape the backslash. To make your string literal verbatim, add an @ sign before the literal:

C#
```
SqlConnection cn = new SqlConnection(@"Data Source=B4ITCCTVSERVER\SQLEXPRESS;Initial Catalog=login1;Integrated Security=True");
```

Posted 23-Jul-15 2:18am

Thomas Daniels

Updated 23-Jul-15 2:28am

v3

Comments

CHill60 23-Jul-15 8:19am

+5 also. Note you had the same problem as me with the editor here escaping the \\ to \ :-D

jamesmc1535 23-Jul-15 8:22am

lol XD visual studios is against me and you because its the 2nd error me and you have in common

Thomas Daniels 23-Jul-15 8:30am

Hmm... weird enough, when I replace it by 4 backslashes, it appears as 4, and when I change it back to 2, it appears as 2... well, at least it displays it correctly now :P

CHill60 23-Jul-15 8:33am

See my solution ... 5 attempts to get the formatting right! :facepalm:

jamesmc1535 23-Jul-15 8:26am

okay it works (
\\ ) and the @ but i get another syntax error -
SqlCommand cmd = new SqlCommand("from user1 where username = '" + textBox1.Text + "' and password = '" + textBox2.Text + "'", cn); on the from .any fixes? or advice

CHill60 23-Jul-15 8:29am

There is no select in your sql statement.
Also never ever use string concatenation to generate sql from user input - you are at risk of sql injection[^]. Use Query Parameterisation[^] instead

jamesmc1535 23-Jul-15 8:46am

i stated sqls 2day so im still new @ this. uhm i checked the sql injection - and query parameteriation. thanks alot . its very helpfull \M/ and confusing theres an example on that website of c# but im struggling 2 understand the layout ,if you can and have time , would you maybe try 2 quickly explain it?

CHill60 23-Jul-15 8:52am

Try this article instead - SQL Injection Attacks and Some Tips on How to Prevent Them[^]

Sergey Alexandrovich Kryukov 23-Jul-15 15:31pm

Right. And see also Solution 3.
—SA

Richard Deeming 23-Jul-15 9:16am

Here's another useful article:
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]

Troy also has an hour-long video explaining how SQLi works:
https://www.youtube.com/watch?v=GY5IXcMyOeU[^]

Richard Deeming 24-Jul-15 7:46am

As well as the SQL Injection vulnerability, you're storing passwords in plain text. That's a very bad idea; you should only ever store a salted hash of the user's password.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

Sergey Alexandrovich Kryukov 23-Jul-15 15:26pm

Sure, a 5.
—SA

Thomas Daniels 23-Jul-15 15:30pm

Thank you.

Sergey Alexandrovich Kryukov · Accepted Answer · 2015-07-23T09:29:00

jamesmc1535 wrote

C#

okay it works (
\\ ) and the @ but i get another syntax error -
SqlCommand cmd = new SqlCommand("from user1 where username = '" + textBox1.Text + "' and password = '" + textBox2.Text + "'", cn);

on the from .any fixes? or advice

In addition to what you've been already told in some of the comments to Solution 2:

Your approach is wrong from the very beginning. The query composed by concatenation with strings taken from UI. Not only repeated string concatenation is inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is way more important issue: it opens the doors to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

—SA