I want to generate queries, but I won't be executing them. Just showing the text query after everything has been escaped. I can't figure out how to get the escaped value. I searched the object browser for "escape" hoping to find a function, but I didn't. I then had a long-shot idea that this (string)new SQLiteParameter("@dummy", text).Value may work, but it's too much of a long shot and it didn't work. So how do I get the escaped text?

+3  A: 

If you mean escape quotes, then just query.Replace("'", "''"). With parameters, the query is sent as is, and parameters are sent separately to your database.

Yuriy Faktorovich
+1  A: 

You'll need to manually replace quotes and backslashes in your strings.

I'm not an expert in SQLite syntax, but the following should work:

text = text.Replace("'", "''");    //Replace single quotes (') with pairs of single quotes ('')

However, you should use parameters whenever you possibly can.

In addition to being more secure against SQL injection, using parameters will also give you the benefit of query plan caching, making your queries run faster.

SLaks
This probably won't work with SQLite; the escape is a valid character, and to show a quote you use ''.
Yuriy Faktorovich
@Yuriy: Fixed; thanks.
SLaks
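
An added example (not code from either answer) of rendering a parameterized query as display-only text with SQLite literal rules: single quotes are doubled, backslashes are left alone, and placeholders that sit inside an existing quoted literal are not substituted. The names SqlitePreview, ToLiteral and Render and the sample query are hypothetical; the rendered text is for showing or logging, and the query itself should still be executed with parameters.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text.RegularExpressions;

static class SqlitePreview  // hypothetical helper, display/logging only
{
    // Render one value as a SQLite literal.
    public static string ToLiteral(object value)
    {
        switch (value)
        {
            case null:
            case DBNull _:
                return "NULL";
            case string s:
                // Double each single quote; backslash is an ordinary character.
                return "'" + s.Replace("'", "''") + "'";
            case byte[] blob:
                return "X'" + BitConverter.ToString(blob).Replace("-", "") + "'";
            case int _: case long _: case double _: case decimal _:
                // Invariant culture so 1.5 never renders as "1,5".
                return ((IFormattable)value).ToString(null, CultureInfo.InvariantCulture);
            default:
                return ToLiteral(Convert.ToString(value, CultureInfo.InvariantCulture));
        }
    }

    // Substitute @name placeholders, leaving quoted literals in the SQL untouched.
    public static string Render(string sql, IDictionary<string, object> args)
    {
        return Regex.Replace(sql, @"'(?:[^']|'')*'|@\w+", m =>
            m.Value[0] == '\'' ? m.Value
            : args.TryGetValue(m.Value, out var v) ? ToLiteral(v) : m.Value);
    }

    static void Main()
    {
        var args = new Dictionary<string, object>  // constructed sample values
        {
            ["@name"] = "O'Brien",
            ["@path"] = @"C:\temp",
            ["@age"] = 42,
            ["@note"] = null,
        };
        Console.WriteLine(Render(
            "SELECT * FROM users WHERE name = @name AND path = @path " +
            "AND age = @age AND note IS @note AND tag = '@name'", args));
    }
}
```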