.net - How do I convert a string into safe SQL String?

Question

Welcome To Ask or Share your Answers For Others

.net - How do I convert a string into safe SQL String?

posted Oct 17, 2021 in Technique[技术] by 深蓝 (71.8m points)

.net - How do I convert a string into safe SQL String?

I'm generating some sql insert statements from a bunch of text files.

These text files are generally user input data. I would like to sanitize this data so that it's not going to break the insert statement.

For example, some of the input data, people have used the word Don't. The "'" in don't will lead the sql statement to think the string has ended and therefore cause an error.

Is there any .NET method I can call to kind of convert all of these characters to either escape codes or safe characters?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-17T02:51:16+0000

There is only a single character you have to escape: ansi 0x27, aka the single quote:

safeString = unsafeString.Replace("'","''");

Categories

.net - How do I convert a string into safe SQL String?

.net - How do I convert a string into safe SQL String?

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags