Assume that you have this code in C#/.NET (using PostgreSQL via ODBC):
using System.Data.Odbc;
...
OdbcCommand cmd = ...;
cmd.CommandText = "SELECT id, email, password FROM users WHERE email=?;";
cmd.Parameters.Clear();
cmd.Parameters.Add("email", OdbcType.VarChar).Value = aEmail;
But when aEmail == \' (backslash and apostrophe) it gives me the following error:
Exception type: OdbcException
Exception message: ERROR [42601] ERROR: unterminated quoted string at or near "'\''';";
Error while executing the query
As I've read, using OdbcCommand.Parameters should protect against SQL injection, but in this case it looks like something doesn't work right. What am I missing?
Important note: I've never used PostgreSQL, ODBC or .NET before (started today, but I hope to finish it today too ;), but I need to fix 4 SQL queries in one simple web application. Previously there was:
String.Format("SELECT ... email = {0}", aEmail)
Are you trying to escape the single quote? The problem is that to escape a single quote in PostgreSQL you escape it with another single quote, not with a backslash:
However, the ODBC driver should do this for you automatically, passing only the single quote. Try updating to the latest version of the ODBC driver; if the problem persists, it may be better to open an issue on the PostgreSQL bug mailing list.
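The following is an added example, not code from the question, the answer, or any ODBC driver. It models in Python (chosen so it runs stand-alone, without a database or driver) how PostgreSQL lexes a single-quoted literal in its two string modes: with the server setting `standard_conforming_strings` on, a backslash inside a regular literal is an ordinary character, while with it off (the default before PostgreSQL 9.1) a backslash escapes the following character. A quoter that only doubles single quotes turns the input `\'` into `'\'''`, which is exactly the text in the error above; under the backslash-escape mode that literal never terminates, while a quoter that also doubles backslashes in that mode round-trips the value. `TEMPLATE`, the function names and the sample inputs are constructed for this example; the lexer is deliberately simplified (no `E'...'` or dollar-quoted strings, and `\n`-style escapes are treated as "the next character, literally").

```python
# Added example (not code from the question, the answer, or any driver):
# a toy model of how PostgreSQL lexes a single-quoted literal in its two string
# modes, used to show how the value \' turns into the unterminated literal
# '\''' seen in the error above, and what a quoter has to do to avoid it.
# Simplifications: E'...' and $$ dollar-quoted strings are not modelled, and
# backslash escapes such as \n are treated as "the next character, literally".

# Constructed stand-in for the question's statement, with the ODBC '?' marker.
TEMPLATE = "SELECT id, email, password FROM users WHERE email=?;"


def quote_doubling_only(value: str) -> str:
    """Quote by wrapping in single quotes and doubling embedded quotes only.

    This is the shape visible in the error text: the input \\' becomes '\\'''.
    """
    return "'" + value.replace("'", "''") + "'"


def quote_literal(value: str, standard_conforming_strings: bool) -> str:
    """Quote a value for the given server string mode.

    With standard_conforming_strings = on, a backslash is an ordinary character
    and only the single quote needs doubling.  With it off, a backslash escapes
    the following character inside a regular literal, so it must be doubled too.
    """
    escaped = value.replace("'", "''")
    if not standard_conforming_strings:
        escaped = escaped.replace("\\", "\\\\")
    return "'" + escaped + "'"


def bind(template: str, value: str, quoter) -> str:
    """Substitute the first '?' with the quoted value (client-side binding)."""
    return template.replace("?", quoter(value), 1)


def scan_literal(sql: str, start: int, standard_conforming_strings: bool):
    """Lex the literal that opens at sql[start] == "'".

    Returns (decoded_value, index_after_closing_quote), or None when the
    literal never terminates, which is what the server reports as
    'unterminated quoted string'.
    """
    out = []
    i = start + 1
    while i < len(sql):
        c = sql[i]
        if c == "\\" and not standard_conforming_strings:
            if i + 1 >= len(sql):
                return None
            out.append(sql[i + 1])  # \x -> x (covers \' and \\; see note above)
            i += 2
        elif c == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                out.append("'")  # '' inside a literal is one quote character
                i += 2
            else:
                return "".join(out), i + 1
        else:
            out.append(c)
            i += 1
    return None


def literals_in(sql: str, standard_conforming_strings: bool):
    """Decode every single-quoted literal in a statement.

    Returns the list of decoded values, or None if any literal is unterminated.
    """
    values = []
    i = 0
    while i < len(sql):
        if sql[i] == "'":
            result = scan_literal(sql, i, standard_conforming_strings)
            if result is None:
                return None
            value, i = result
            values.append(value)
        else:
            i += 1
    return values


def round_trips(value: str, standard_conforming_strings: bool, quoter) -> bool:
    """True iff the server would read back exactly one literal equal to value."""
    sql = bind(TEMPLATE, value, quoter)
    return literals_in(sql, standard_conforming_strings) == [value]


if __name__ == "__main__":
    value = "\\'"  # the questioner's input: backslash followed by an apostrophe
    print(bind(TEMPLATE, value, quote_doubling_only))
    for scs in (False, True):
        print(f"standard_conforming_strings={'on' if scs else 'off'}:",
              "doubling-only quoter round-trips:",
              round_trips(value, scs, quote_doubling_only),
              "| mode-aware quoter round-trips:",
              round_trips(value, scs, lambda v: quote_literal(v, scs)))
```

The useful check for a defender is `round_trips`: whatever quoting layer sits between the application and the server, the server must decode exactly one literal equal to the bound value. A quoter whose escaping rules do not match the server's string mode fails that check, and the error in the question is the benign face of that mismatch; the same mismatch is what lets a crafted value alter the statement. Server-side parameter binding, where the value never becomes part of the SQL text at all, removes the question of escaping rules entirely.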