I know I can use the parameters, but what is the right way to escape string sequences? The query could be like this:
"INSERT INTO records (ReferenceID,Name,Note,Author) VALUES ('" + ID+ "','" + addlevel.textBox1.Text + "','"+addlevel.textBox2_note.Text+ "','"+Program.Username+"')";
I am ONLY curious, just want to know :)
EDIT: But what about that? "CREATE TABLE "+string" .... parameters cannot be used here!
If you need to perform database operations, such as creating tables, then you should use SQL Server Management Objects instead of executing SQL strings.
For CRUD operations, parameters are absolutely the only true path.
UPDATE: It appears that the MySQL client library contains a helper method for this ill-advised task. You can call MySqlHelper.EscapeString(string).
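As an added example (not part of the original question or answer), the INSERT from the question with bound parameters, and the CREATE TABLE case handled by validating the identifier against a strict pattern, since identifiers cannot be bound. It assumes MySQL Connector/NET (MySql.Data), because the answer names MySqlHelper; the RecordStore class, its method names, and the columns in CreateNotesTable are hypothetical.

```csharp
using System;
using System.Text.RegularExpressions;
using MySql.Data.MySqlClient;

static class RecordStore   // hypothetical helper class, not from the page
{
    // Table and column names cannot be sent as parameters, so accept only
    // a conservative pattern (max 64 chars, MySQL's identifier limit).
    static readonly Regex SafeIdentifier =
        new Regex(@"\A[A-Za-z_][A-Za-z0-9_]{0,63}\z");

    public static string QuoteIdentifier(string name)
    {
        if (name == null || !SafeIdentifier.IsMatch(name))
            throw new ArgumentException("Rejected identifier: " + name);
        return "`" + name + "`";   // pattern above excludes backticks
    }

    // Values are bound as parameters and never concatenated into the SQL text.
    public static void InsertRecord(MySqlConnection conn, string id,
                                    string name, string note, string author)
    {
        const string sql = "INSERT INTO records (ReferenceID, Name, Note, Author) " +
                           "VALUES (@id, @name, @note, @author)";
        using (var cmd = new MySqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@id", id);
            cmd.Parameters.AddWithValue("@name", name);
            cmd.Parameters.AddWithValue("@note", note);
            cmd.Parameters.AddWithValue("@author", author);
            cmd.ExecuteNonQuery();
        }
    }

    // DDL with a caller-supplied table name: validate, quote, then build.
    public static void CreateNotesTable(MySqlConnection conn, string tableName)
    {
        string sql = "CREATE TABLE " + QuoteIdentifier(tableName) +
                     " (Id INT PRIMARY KEY, Note TEXT)";   // hypothetical columns
        using (var cmd = new MySqlCommand(sql, conn))
            cmd.ExecuteNonQuery();
    }

    static void Main()   // offline check of the identifier filter only
    {
        Console.WriteLine(QuoteIdentifier("level_notes"));   // constructed input
        try { QuoteIdentifier("x` (a INT); --"); }           // constructed input
        catch (ArgumentException e) { Console.WriteLine(e.Message); }
    }
}
```

InsertRecord and CreateNotesTable need an already opened MySqlConnection; Main exercises only the identifier check so it runs without a database.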