Do you have a question? Post it now! No Registration Necessary. Now with pictures!
January 30, 2006, 11:46 am
rate this thread
I am using MySQL from ASP. Is there a simple way to process string values
which I am reading/writing before constructing my query so that they are
always correctly escaped? Or is there a way of including this process in my
SQL statements? I am worried about writing strings to a VARCHAR field which
contain special characters that haven't been escaped correctly.
Re: Escaping strings
I think the safest way is to use parameterized queries. Then you don't have
to escape anything in the string you're using.
See http://www.4guysfromrolla.com/webtech/092601-1.2.shtml for an example of
using parameterized queries in an OleDB connection from ASP.NET. This page
is not MySQL-specific, but it should be applicable as far as I know.
- » Americanas.com SALDO de TVs Com at 80% de Desconto (29798)
- — Newest thread in » MySQL Database Forum