[Mono-list] escaping a string for sql

Alan Knowles alan@akbkhome.com
Mon, 07 Mar 2005 22:36:13 +0800


As far as I can tell, you don't, you use prepared statements and 
placeholders.

Regards
Alan

James Grant wrote:

>I know this probably isn't the right place to ask, but I figured someone here 
>might know (and Google seems useless in this case) -- how do you escape a 
>string in C# for use in an SQL query? In PHP/MySQL I would do 
>mysql_escape_string("string with ' or ` in it")
>
>All I'm doing is a simple SQL SELECT based on the input of a text box, but the 
>text box must handle all input (apostrophes, quotes, etc.) -- here's what 
>Npgsql is saying when I enter "apo'strophe" in the textbox.
>
>Npgsql.NpgsqlException:
>syntax error at or near "strophe"
>Severity: ERROR
>Code: 42601
>in <0x00061> Npgsql.NpgsqlConnection:CheckErrors ()
>
>Thanks,
> James
>
>  
>
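
The placeholder approach from the reply, as an added example that is not part of the original thread or of the Npgsql project: the concatenated query that produces the `syntax error at or near "strophe"` beside the parameterized form. The connection string, the `customers` table and its columns are assumptions made for this sketch.

```csharp
using System;
using System.Collections.Generic;
using Npgsql;

static class CustomerSearch
{
    // Assumption: placeholder connection string; table and column names are hypothetical.
    const string ConnString = "Host=localhost;Username=app;Password=changeme;Database=appdb";

    // Concatenated form, shown only for contrast: the text box value becomes SQL text.
    // "apo'strophe" yields ... WHERE name = 'apo'strophe', so the string literal ends
    // after "apo" and the parser fails at "strophe" (error code 42601).
    static string BuildConcatenated(string input) =>
        "SELECT id, name FROM customers WHERE name = '" + input + "'";

    // Parameterized form: the SQL text is a constant and the value is bound
    // separately, so quotes in the input are data and never parsed as SQL.
    public static List<(int Id, string Name)> FindByName(string input)
    {
        var rows = new List<(int Id, string Name)>();
        using var conn = new NpgsqlConnection(ConnString);
        conn.Open();
        using var cmd = new NpgsqlCommand(
            "SELECT id, name FROM customers WHERE name = @name", conn);
        cmd.Parameters.AddWithValue("name", input);
        using var reader = cmd.ExecuteReader();
        while (reader.Read())
            rows.Add((reader.GetInt32(0), reader.GetString(1)));
        return rows;
    }

    static void Main()
    {
        string input = "apo'strophe"; // constructed sample: the value from the question

        // Print the malformed statement the concatenated form would send.
        Console.WriteLine(BuildConcatenated(input));

        // The same input goes through the parameterized query without any escaping.
        foreach (var (id, name) in FindByName(input))
            Console.WriteLine($"{id}\t{name}");
    }
}
```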