Jiten Bhagat wrote:
If I have the following string to represent a SQL statement:
string s = "SELECT * FROM TABLE_NAME WHERE Description = '" +
someDescription + "'";
How do I ensure that the someDescription variable has escaped all
special characters?
Use a parameterized query. So you
Jiten Bhagat wrote:
is there an easier way?
Yes. Use a parametrized SQL statement.
--
Jiri Cincura
http://www.cincura.net/
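
The parametrized form of the statement from the question, as an added example that is not part of the original thread or any project's own code. It uses only the provider-neutral System.Data.Common classes; the class and method names (DescriptionQuery, FindByDescription) and the @description marker syntax are assumptions, since the thread does not name the provider.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Common;

public static class DescriptionQuery
{
    // Hypothetical helper: returns every row of TABLE_NAME whose Description
    // equals someDescription, one dictionary (column name -> value) per row.
    // conn is any already-open ADO.NET connection.
    public static List<Dictionary<string, object>> FindByDescription(
        DbConnection conn, string someDescription)
    {
        var rows = new List<Dictionary<string, object>>();
        using (DbCommand cmd = conn.CreateCommand())
        {
            // The SQL text is a constant. The value travels separately from
            // it, so a quote in someDescription (for example the constructed
            // value "it's broken") cannot end the string literal and needs
            // no escaping.
            // Assumption: the provider accepts @name markers; ODBC and
            // OLE DB providers use positional ? markers instead.
            cmd.CommandText =
                "SELECT * FROM TABLE_NAME WHERE Description = @description";

            DbParameter p = cmd.CreateParameter();
            p.ParameterName = "@description";
            p.DbType = DbType.String;
            // A null string is sent as SQL NULL; "= NULL" matches no rows.
            p.Value = (object)someDescription ?? DBNull.Value;
            cmd.Parameters.Add(p);

            using (DbDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    var row = new Dictionary<string, object>();
                    for (int i = 0; i < reader.FieldCount; i++)
                        row[reader.GetName(i)] = reader.GetValue(i);
                    rows.Add(row);
                }
            }
        }
        return rows;
    }
}
```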