Jiten Bhagat wrote:
If I have the following string to represent a SQL statement:
string s = "SELECT * FROM TABLE_NAME WHERE Description = '" +
someDescription + "'";
How do I ensure that the someDescription variable has escaped all
special characters?
Use a parameterized query. So your query would be:
"SELECT * FROM TABLE_NAME WHERE DESCRIPTION = ?"
Then add a parameter to your command object with the value of the
parameter set to the value you wish to search for.
_______________________________________________
Firebird-net-provider mailing list
Firebird-net-provider@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/firebird-net-provider
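
The parameterized form described in the reply, as an added example that is not part of the original thread or the provider's own code. It uses the generic ADO.NET `DbCommand`/`DbParameter` calls with the `?` marker from the reply; the class name, the `COUNT(*)` projection, the `FirebirdSql.Data.FirebirdClient` namespace (the provider's current one) and the connection string placeholder are assumptions.

```csharp
using System;
using System.Data;
using System.Data.Common;
using FirebirdSql.Data.FirebirdClient; // assumption: current provider namespace

static class DescriptionLookup
{
    // The value travels as a bound parameter, so quotes inside it are
    // treated as data and are never parsed as part of the SQL text.
    public static int CountByDescription(DbConnection conn, string someDescription)
    {
        using (DbCommand cmd = conn.CreateCommand())
        {
            // No quoting or escaping around the marker: the provider binds the value.
            cmd.CommandText = "SELECT COUNT(*) FROM TABLE_NAME WHERE Description = ?";

            DbParameter p = cmd.CreateParameter();
            p.DbType = DbType.String;
            // A null string is sent as SQL NULL, which matches no row with "=".
            p.Value = (object)someDescription ?? DBNull.Value;
            cmd.Parameters.Add(p); // positional: add in the order the ? markers appear

            return Convert.ToInt32(cmd.ExecuteScalar());
        }
    }

    static void Main()
    {
        // Placeholder, not a real server or credential.
        const string connStr = "<connection string>";
        using (var conn = new FbConnection(connStr))
        {
            conn.Open();
            // Constructed inputs: each contains single quotes that would break or
            // change the meaning of the concatenated statement in the question.
            foreach (string s in new[] { "O'Brien's widget", "x' OR '1'='1" })
                Console.WriteLine("{0} -> {1} row(s)", s, CountByDescription(conn, s));
        }
    }
}
```

With the concatenated statement from the question, the first input produces a syntax error and the second changes the WHERE clause; here both are compared literally against the Description column.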