i am trying to database some files on my computer with mysql in c#, its having an issue with VALUES ('drum'n'bass')
You use a backslash - \'
to escape a single quote:
VALUES ('drum\'n\'bass')
You should however be using prepared statements and not build SQL strings yourself.
If you for some reason need to escape the strings yourself instead of using a parameterised query, you need to escape both backslashes and apostrophes for a literal string in MySQL:
value = value.Replace(@"\", @"\\").Replace("'", @"\'");
This is important, if you don't escape the strings correctly, the query is wide open for SQL injection attacks.
Just to reiterate, you shouldn't be doing this yourself.
Use parameterised queries:
private string escapeChar(string strToEsc)
{
if (strToEsc.IndexOf("'") > -1)
{
strToEsc = strToEsc.Replace("'", @"'");
}
if (strToEsc.IndexOf("’") > -1)
{
strToEsc = strToEsc.Replace("’", @"’");
}
if (strToEsc.IndexOf("‘") > -1)
{
strToEsc = strToEsc.Replace("‘", @"‘");
}
return strToEsc;
}