C# equivalent of php mysql_real_escape_string function
-
29-05-2021 - |
Domanda
I'm looking for the equivalent to the PHP function mysql_real_escape_string() to use in C#.NET. I work with the .NET 3.5 framework. I can't find anything to use.
I read something that the System.Web.HttpUtility would have something but I can't use that. It says that I do not have an reference to it.
Soluzione
I strongly suspect you won't find anything, for two reasons:
- It's not the preferred way of avoiding SQL injection attacks. Using parameterized queries is.
- It would be DB-specific anyway, hence why it's
mysql_real_escape_string
in PHP. Given that it's to do with SQL, I wouldn't expect System.Web.HttpUtility to be anything like what you want.
So the question is whether you're actually trying to pass a value to a database, or escape a URL. If it's escaping a URL, then we need to know more about your application (e.g. .NET target profile) to help you further. If it's passing a value to a database, use parameterized SQL instead.
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow