[Mono-list] escaping a string for sql

James Grant topace@lightbox.org
Mon, 7 Mar 2005 08:31:42 -0500

I know this probably isnt the right place to ask, but I figured someone here 
might  know (and google seems useless in this case) -- how do you escape a 
string in C# for use in an SQL query?  in php/mysql I would do  
mysql_escape_string("string with ' or ` in it")

all i'm doing is a simple SQL SELECT based on the input of a text box, but the 
text box must handle all input (apostrophe's, quotes, etc) -- here's what 
Npgsql is saying when I enter   "apo'strophe" in the textbox.

syntax error at or near "strophe"
Severity: ERROR
Code: 42601
in <0x00061> Npgsql.NpgsqlConnection:CheckErrors ()


James Grant
Lightbox Technologies Inc.