Special Characters in MySQL Query on C# .Net

Question

One of my names in my data looks like this O'Neil

When I am putting this into my MySQL Query it looks like this 'O'Neil' Unfortunately it reads the ' between the O and causes an error. I Don't want to replace the ', I still want the name to be O'Neil. Can anyone recommend a way to do this?

I'm using C# (.Net).

Thanks.

CM888.

score 3 · Answer 1 · edited May 23 '17 at 12:00

3

You should use parameterized queries.Answers for this post are examples of parameterized queries.Indirectly you are performing sql Injection. parameterized queries avoids sql injection and moreover it is a good practice too.

edited May 23 '17 at 12:00

Community

1
1

answered Apr 08 '11 at 05:55

Novice

2,447
3
27
33

Cheers; So I add mySqlCommand.Parameters.AddWithValue("@", User.name); ? – codemonkey888 Apr 08 '11 at 06:25

score 3 · Answer 2 · answered Apr 08 '11 at 05:58

Jose is right - you should absolutely use parameterized queries.

This avoids:

SQL injection attacks
Invalid SQL due to quotes etc
Issues with date/time and numeric formats

It's also just a generally good idea to separate code from data.

See Bobby Tables for more.

score 2 · Answer 3 · answered Apr 08 '11 at 05:51

2

Use the SQL escape character ''.

'O''Neil'

ref : http://www.orafaq.com/faq/how_does_one_escape_special_characters_when_writing_sql_queries

answered Apr 08 '11 at 05:51

Drahakar

5,986
6
43
58

No, don't try to fix the SQL - move the data out of the SQL in the first place. – Jon Skeet Apr 08 '11 at 05:59

Special Characters in MySQL Query on C# .Net

3 Answers3