Is there a .Net project/dll, that supports escaping of user supplied input to database queries for various database systems?
I would like our entire team to standardize and use one module to perform escaping of user supplied input that will then be used in parameterized SQL queries.
Ideally, I would like to specify the database system (oracle, SqlServer, mySql, etc.) in the config file and be able to call Escape(variableName) and it would escape the string contents based on the current database setting in the web.config file.
If not, the next best thing would be something like EscapeForOracle, EscapeForSqlServer, etc.
At a minimum the project should support Oracle, SqlServer and MySql.
I am wondering if I need to create this in-house or if an existing commercial/open-source product exists to do this.