How to escape strings in sql stmts
How to escape strings in sql stmts
Do you provide a method to escape strings (e.g. mysql_real_escape_string() ) I can use when constructing my own sql stmts.
We do not provide public method for string escaping.
Here is the simplest example of the string escaping in MySQL way.
Here is the simplest example of the string escaping in MySQL way.
Code: Select all
string EscapeString(string s)
{
s = s.Replace("\", "\");
s = s.Replace("\", "\");
s = s.Replace("\"", "\"");
s = s.Replace("`", "\`");
s = s.Replace("ґ", "\ґ");
s = s.Replace("’", "\’");
s = s.Replace("‘", "\‘");
return s;
}
-
- Posts: 13
- Joined: Tue 17 May 2005 12:59
-
- Posts: 13
- Joined: Tue 17 May 2005 12:59
Cannot tell what the 5th replace statment is (\r)?
Serious wrote:We do not provide public method for string escaping.
Here is the simplest example of the string escaping in MySQL way.Code: Select all
string EscapeString(string s) { s = s.Replace("\", "\"); s = s.Replace("\", "\"); s = s.Replace(""", "\""); s = s.Replace("`", "\`"); s = s.Replace("ґ", "\ґ"); s = s.Replace("’", "\’"); s = s.Replace("‘", "\‘"); return s; }