MySql Query Escape
Posted by: peter
Date: December 06, 2007 12:18AM

In MySQL, things like ' and " (quotes) cause query problems, as you well know.

In C#, using quotes in the text boxes causes problems, allowing SQL injections, etc. Now, in PHP there is something: mysql_escape_string(string); but how do you do it in C#?


[quote]
string username = txtUsername.Text.ToString();
string password = txtPassword.Text.ToString();

sql.command.CommandText = "SELECT * FROM `users` WHERE `username`='" + username + "' AND `password`='" + password + "' LIMIT 1";
[/quote]


Thank You
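
The query from the post rewritten with bound parameters, as an added example that is not part of the original post. It assumes MySQL Connector/NET (the MySql.Data package); the connection string, the `LoginQuery` class and the sample inputs are constructed for illustration.

```csharp
using System;
using MySql.Data.MySqlClient;

static class LoginQuery
{
    // Returns true when a matching row exists. The user-supplied values are
    // sent as parameters, so quotes in them are data and never SQL syntax.
    // (MySqlHelper.EscapeString is the closest analogue to PHP's
    // mysql_escape_string, but parameters avoid concatenating SQL at all.)
    public static bool UserExists(MySqlConnection conn, string username, string password)
    {
        const string sql =
            "SELECT 1 FROM `users` " +
            "WHERE `username` = @username AND `password` = @password LIMIT 1";

        using (var cmd = new MySqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@username", username);
            cmd.Parameters.AddWithValue("@password", password);
            // ExecuteScalar returns null when the result set is empty.
            return cmd.ExecuteScalar() != null;
        }
    }

    static void Main()
    {
        // Constructed connection string; replace with real settings.
        const string connStr = "Server=localhost;Database=appdb;Uid=appuser;Pwd=CHANGE_ME;";

        // Constructed inputs, including values that contain quote characters.
        string[][] attempts =
        {
            new[] { "peter", "secret" },
            new[] { "o'brien", "pa\"ss" },
            new[] { "x' OR '1'='1", "anything" },
        };

        using (var conn = new MySqlConnection(connStr))
        {
            conn.Open();
            foreach (var a in attempts)
            {
                // A quoted input only matches if a row stores that literal text.
                Console.WriteLine("{0} -> {1}", a[0], UserExists(conn, a[0], a[1]));
            }
        }
    }
}
```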
