Escaping strings
on 30.01.2006 12:46:48 by jimbo
Hi,
I am using MySQL from ASP. Is there a simple way to process string values
which I am reading/writing before constructing my query so that they are
always correctly escaped? Or is there a way of including this process in my
SQL statements? I am worried about writing strings to a VARCHAR field which
contain special characters that haven't been escaped correctly.
Many thanks,
Jimbo.
Re: Escaping strings
on 30.01.2006 19:18:32 by Bill Karwin
"Jimbo" wrote in message
news:drkub8$bjj$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
> I am using MySQL from ASP. Is there a simple way to process string values
> which I am reading/writing before constructing my query so that they are
> always correctly escaped? Or is there a way of including this process in
> my SQL statements? I am worried about writing strings to a VARCHAR field
> which contain special characters that haven't been escaped correctly.
I think the safest way is to use parameterized queries. Then you don't have
to escape anything in the string you're using.
See http://www.4guysfromrolla.com/webtech/092601-1.2.shtml for an example of
using parameterized queries in an OleDB connection from ASP.NET. This page
is not MySQL-specific, but it should be applicable as far as I know.
Regards,
Bill K.
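
The parameterized approach recommended in the reply above, sketched for classic ASP (VBScript) with ADO. This is an added example, not code from the thread or the linked article; the ODBC connection string, the `guestbook` table, the helper names `NewCommand` and `AddText`, and the sample values are all assumptions.

```vbscript
<%
Option Explicit
' ADO constants (same values as in adovbs.inc)
Const adCmdText = 1, adParamInput = 1, adVarChar = 200, adExecuteNoRecords = 128

' Assumed schema: CREATE TABLE guestbook (author VARCHAR(50), body VARCHAR(255))
' Placeholder connection string: substitute your own driver, host and credentials.
Const CONN_STR = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;DATABASE=appdb;UID=appuser;PWD=CHANGE_ME;"

' Hypothetical helper: build a command whose SQL text is fixed.
Function NewCommand(conn, sql)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    Set NewCommand = cmd
End Function

' Hypothetical helper: bind a string to the next ? placeholder,
' truncated to the column width so ADO does not reject it as too long.
Sub AddText(cmd, name, maxLen, value)
    cmd.Parameters.Append cmd.CreateParameter(name, adVarChar, adParamInput, maxLen, Left(CStr(value), maxLen))
End Sub

Dim conn, cmd, rs, author, body
author = "O'Brien"                          ' constructed sample values that
body = "Path is C:\temp; she said ""hi"""   ' contain quotes and a backslash

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR

' Write: values are bound as parameters, not concatenated into the SQL string.
Set cmd = NewCommand(conn, "INSERT INTO guestbook (author, body) VALUES (?, ?)")
AddText cmd, "author", 50, author
AddText cmd, "body", 255, body
cmd.Execute , , adExecuteNoRecords

' Read back with the same technique.
Set cmd = NewCommand(conn, "SELECT author, body FROM guestbook WHERE author = ?")
AddText cmd, "author", 50, author
Set rs = cmd.Execute
Do Until rs.EOF
    ' HTML-encode on output; that is a separate concern from SQL escaping.
    Response.Write Server.HTMLEncode(rs("author") & ": " & rs("body")) & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

Parameters are matched to the `?` placeholders by position, so they must be appended in the same order as they appear in the statement.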