Escaping strings

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am using MySQL from ASP. Is there a simple way to process string values
which I am reading/writing before constructing my query so that they are
always correctly escaped? Or is there a way of including this process in my
SQL statements? I am worried about writing strings to a VARCHAR field which
contain special characters that haven't been escaped correctly.

Many thanks,


Re: Escaping strings

Quoted text here. Click to load it

I think the safest way is to use parameterized queries.  Then you don't have
to escape anything in the string you're using.

See for an example of
using parameterized queries in an OleDB connection from ASP.NET.  This page
is not MySQL-specific, but it should be applicable as far as I know.

Bill K.

Site Timeline