I am currently helping develop a mid-sized ASP.NET website using Entity Framework and Oracle 12c. We have recently discovered that if a user includes a full-width apostrophe in certain searches the following Oracle error occurs:
ORA-01756: quoted string not properly terminated
Upon further investigation it looks like Oracle treats the full-width apostrophe as if it were a single quote. The following SQL will create the same error:
Code:
-- the character between the quotes is U+FF07 (full-width apostrophe)
select count(*)
from EXAMPLE_TABLE
where COUNTRY in('＇')
This problem seems to happen with specific method calls, so for this example I am calling .Contains(). Here is a simplified example of what the code is doing:
Code:
// the search term is a single U+FF07 (full-width apostrophe)
IEnumerable<string> searchCountries = new[] { "＇" };
query = query.Where(x => searchCountries.Contains(x.COUNTRY));
Any help would be appreciated, thanks!
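
An added example, not part of the original post: a pre-query check that flags search terms containing non-ASCII characters that fold to an ASCII quote, such as the U+FF07 described above. It assumes Unicode NFKC folding is a usable approximation of whatever conversion happens on the way to Oracle (the post does not identify it); `QuoteLookalikeCheck` and the sample terms are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class QuoteLookalikeCheck   // hypothetical helper, not from the post
{
    // ASCII characters that delimit SQL string literals and quoted identifiers.
    static readonly char[] SqlQuotes = { '\'', '"' };

    // Returns every non-ASCII character in `term` whose NFKC (compatibility)
    // form contains an ASCII quote, together with its index in the string.
    public static List<(int Index, char Char, string FoldsTo)> Find(string term)
    {
        var hits = new List<(int Index, char Char, string FoldsTo)>();
        for (int i = 0; i < term.Length; i++)
        {
            char c = term[i];
            // Plain ASCII is not a look-alike; surrogate halves cannot be
            // normalized on their own.
            if (c < 0x80 || char.IsSurrogate(c)) continue;
            string folded;
            try { folded = c.ToString().Normalize(NormalizationForm.FormKC); }
            catch (ArgumentException) { continue; } // noncharacter code point
            if (folded.IndexOfAny(SqlQuotes) >= 0)
                hits.Add((i, c, folded));
        }
        return hits;
    }

    static void Main()
    {
        // Constructed sample input: U+FF07 and U+FF02 are the full-width
        // apostrophe and quotation mark; "O'Brien" uses an ordinary ASCII quote.
        var searchCountries = new[] { "Canada", "C\uFF07te d\uFF07Ivoire", "O'Brien", "\uFF02x\uFF02" };
        foreach (var term in searchCountries)
        {
            var hits = Find(term);
            if (hits.Count == 0) { Console.WriteLine($"ok      {term}"); continue; }
            foreach (var h in hits)
                Console.WriteLine($"flagged {term}: index {h.Index}, U+{(int)h.Char:X4} folds to {h.FoldsTo}");
        }
    }
}
```

Characters with no compatibility mapping, such as U+2019, are not flagged by this check even though a lossy character-set conversion could still map them to a quote.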