Home/ Questions/Q 144633
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T08:17:04+00:00

I have a text field and its breaking my sql statement. How do i

  • 0

I have a text field and its breaking my sql statement. How do i escape all the chars in that field? I am using sqlite with http://sqlite.phxsoftware.com/ in C#

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. You should be using a parameter as in:

    SQLiteCommand cmd = _connection.CreateCommand(); cmd.CommandType = CommandType.Text; cmd.CommandText = 'SELECT * FROM MyTable WHERE MyColumn = @parameter'; cmd.Parameters.Add( new SQLiteParameter( '@parameter', textfield ) ); SQLiteDataReader reader = cmd.ExecuteReader();

    Using a parametrised SQL will escape all input values and help protect you from SQL injection attacks.

    • 0