
I am used to writing in PHP, but I recently had a school project, on which I have to use ASP.NET with C#.

So, in PHP, every time I had to insert or update something in a database (MySQL), I used a PHP function called addslashes() which added slashes before quotes, preventing any MySQL errors (I used strip_tags to hide the HTML tags, preventing users from messing up the page).

Now I wonder if there's some kind of function that does that job perfectly like PHP does, but in C# (ASP.NET).

Additional information: I use Access as a database.

yoozer8
yazeed

1 Answer


Two little things:

  • You are wrong when you use addslashes; the right function is mysqli_real_escape_string.

  • With C# it is really easy to use prepared statements, so have a look here:

    // @USERNAME and @PWD are placeholders; the input is bound as typed values, not concatenated into the SQL text
    String sql = "SELECT count(username) FROM login where username=@USERNAME and pwd=@PWD";
    commandObj.Parameters.Add("@USERNAME", SqlDbType.VarChar, username.Length).Value = username;
    commandObj.Parameters.Add("@PWD", SqlDbType.VarChar, pwd.Length).Value = pwd;

artragis
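The same prepared-statement approach for an Access database, as an added example that is not part of the answer above. It uses System.Data.OleDb, where text commands take positional `?` markers instead of named parameters; the `comments` table, its columns and the connection string are assumptions made for illustration.

```csharp
using System;
using System.Data.OleDb;

static class ParameterizedInsertDemo
{
    // Hypothetical table and columns, used only for this example.
    const string InsertSql = "INSERT INTO comments (author, body) VALUES (?, ?)";

    // Builds the command. OleDb ignores parameter names in text commands and
    // binds by position, so parameters are added in the order of the ? markers.
    static OleDbCommand BuildInsert(OleDbConnection conn, string author, string body)
    {
        var cmd = new OleDbCommand(InsertSql, conn);
        cmd.Parameters.Add("author", OleDbType.VarWChar, 50).Value = author;
        cmd.Parameters.Add("body", OleDbType.LongVarWChar).Value = body;
        return cmd;
    }

    // Runs the insert against an Access file. The connection string is an
    // assumption, e.g. "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=<path to .accdb>".
    static int SaveComment(string connectionString, string author, string body)
    {
        using (var conn = new OleDbConnection(connectionString))
        using (var cmd = BuildInsert(conn, author, body))
        {
            conn.Open();
            return cmd.ExecuteNonQuery(); // rows affected
        }
    }

    static void Main()
    {
        // Constructed sample input containing the quotes that would break
        // or alter a query built by string concatenation.
        string author = "O'Brien";
        string body = "it's a \"quoted\" comment with a trailing '";

        // No connection is opened here: this only shows what gets bound.
        using (var cmd = BuildInsert(null, author, body))
        {
            Console.WriteLine(cmd.CommandText); // SQL text never contains the input
            foreach (OleDbParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.OleDbType, p.Value);
        }
    }
}
```

Because the values travel separately from the SQL text, no slash-adding or quote-escaping function is needed on the C# side.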