user34537

How do I escape SQL and get the text instead of putting it in a query?

I want to generate queries, but I won't be executing them. I'm just showing the query text after everything has been escaped. I can't figure out how to get the escaped value. I searched the object browser for "escape" hoping to find a function, but I didn't. I then had a long-shot idea that this (string)new SQLiteParameter("@dummy", text).Value may work, but it's too much of a long shot and it didn't work. So how do I get the escaped text?

Upvotes: 0

Views: 347

Answers (2)

SLaks

Reputation: 888283

You'll need to manually replace quotes and backslashes in your strings.

I'm not an expert in SQLite syntax, but the following should work:

text = text.Replace("'", "''");    //Replace single quotes (') with pairs of single quotes ('')

However, you should use parameters whenever you possibly can.

In addition to being more secure against SQL injection, using parameters will also give you the benefit of query plan caching, making your queries run faster.

Upvotes: 1

Yuriy Faktorovich

Reputation: 68747

If you mean escape quotes, then just query.Replace("'", "''"). With parameters, the query is sent as is, and parameters are sent separately to your database.

Upvotes: 3
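
Added example, not code from either answer: a display-only literal quoter for the preview text the question asks about, checked against SQLite's built-in `quote()` function, with the value itself passed as a parameter as both answers recommend. It assumes the System.Data.SQLite provider and an in-memory database; the `people` table, the `SqlPreview` class and the sample values are hypothetical.

```csharp
using System;
using System.Data.SQLite; // the provider that supplies the question's SQLiteParameter

static class SqlPreview
{
    // Display-only rendering of a value as a SQLite string literal.
    // SQLite follows standard SQL here: the only character that needs
    // escaping inside '...' is the single quote, which is doubled.
    public static string QuoteLiteral(string value)
    {
        if (value == null) return "NULL";
        return "'" + value.Replace("'", "''") + "'";
    }

    // Same result, produced by SQLite's built-in quote() function.
    // The value travels as a bound parameter, so nothing is concatenated.
    public static string QuoteViaEngine(SQLiteConnection conn, string value)
    {
        using (var cmd = new SQLiteCommand("SELECT quote(@v)", conn))
        {
            cmd.Parameters.AddWithValue("@v", (object)value ?? DBNull.Value);
            return (string)cmd.ExecuteScalar();
        }
    }

    static void Main()
    {
        // Constructed sample values, including a quote, a backslash and null.
        string[] samples = { "O'Brien", @"C:\temp\it's here", "", null };

        using (var conn = new SQLiteConnection("Data Source=:memory:"))
        {
            conn.Open();
            foreach (string s in samples)
            {
                string manual = QuoteLiteral(s);
                string engine = QuoteViaEngine(conn, s);
                // Hypothetical table and column, used only to build preview text.
                Console.WriteLine("INSERT INTO people(name) VALUES (" + manual + ");");
                Console.WriteLine("  matches quote(): " + (manual == engine));
            }
        }
    }
}
```

The preview string is for showing to a person; a statement that is actually executed should keep the `@v` placeholder and bind the value.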
