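/// <summary>
/// Wraps <paramref name="input"/> in single quotes and doubles every
/// embedded single quote, e.g. "Steve's a guy" becomes "'Steve''s a guy'".
/// </summary>
/// <remarks>
/// This is not a general SQL-injection defence. Only the single-quote
/// character is escaped: backslashes, NUL and other binary characters pass
/// through unchanged, so the result is a well-formed string literal only on
/// engines where the quote is the sole special character inside a literal.
/// It gives no protection when the value is used outside a quoted string
/// literal (numeric, identifier or keyword position). Prefer parameterized
/// commands (DbCommand.Parameters) for any value that originates outside
/// the program.
/// </remarks>
/// <param name="input">Text to quote; must not be null.</param>
/// <returns>The quoted literal.</returns>
/// <exception cref="ArgumentNullException">input is null.</exception>
public static string Quote(string input)
{
    // Fail with a named argument instead of a NullReferenceException from Replace.
    if (input == null)
    {
        throw new ArgumentNullException("input");
    }

    return "'" + input.Replace("'", "''") + "'";
}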
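/// <summary>
/// Wraps <paramref name="input"/> in single quotes and doubles every
/// embedded single quote, e.g. "Steve's a guy" becomes "'Steve''s a guy'".
/// </summary>
/// <remarks>
/// This is not a general SQL-injection defence. Only the single-quote
/// character is escaped: backslashes, NUL and other binary characters pass
/// through unchanged, so the result is a well-formed string literal only on
/// engines where the quote is the sole special character inside a literal.
/// It gives no protection when the value is used outside a quoted string
/// literal (numeric, identifier or keyword position). Prefer parameterized
/// commands (DbCommand.Parameters) for any value that originates outside
/// the program.
/// </remarks>
/// <param name="input">Text to quote; must not be null.</param>
/// <returns>The quoted literal.</returns>
/// <exception cref="ArgumentNullException">input is null.</exception>
public static string Quote(string input)
{
    // Fail with a named argument instead of a NullReferenceException from Replace.
    if (input == null)
    {
        throw new ArgumentNullException("input");
    }

    return "'" + input.Replace("'", "''") + "'";
}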
博客介绍了一个用于 SQL 查询的字符串安全转义方法。该方法将单引号加倍，并将字符串用单引号包裹，如将“Steve's a guy”转换为“'Steve''s a guy'”，但不处理二进制字符。



