[Mono-list] escaping a string for sql

xavier de Blas xavi@xdeblas.com
Mon, 07 Mar 2005 14:46:36 +0100

Hello, for sure it's not the best, but this works:

private string removeTilde(string myString)
	StringBuilder myStringBuilder = new StringBuilder(myString);
        myStringBuilder.Replace("'", "");
        return myStringBuilder.ToString();

Probably you can do also something like this:
        myStringBuilder.Replace("'", "\'");

or like this:
        myStringBuilder.Replace("'", "''");
like it's explained here:

I hope it helps


El dl 07 de 03 del 2005 a les 08:31 -0500, en/na James Grant va
> I know this probably isnt the right place to ask, but I figured someone here 
> might  know (and google seems useless in this case) -- how do you escape a 
> string in C# for use in an SQL query?  in php/mysql I would do  
> mysql_escape_string("string with ' or ` in it")
> all i'm doing is a simple SQL SELECT based on the input of a text box, but the 
> text box must handle all input (apostrophe's, quotes, etc) -- here's what 
> Npgsql is saying when I enter   "apo'strophe" in the textbox.
> Npgsql.NpgsqlException:
> syntax error at or near "strophe"
> Severity: ERROR
> Code: 42601
> in <0x00061> Npgsql.NpgsqlConnection:CheckErrors ()
> Thanks,
>  James