I’m coding a GUI using WPF and Expression Blend for an application that uses SQLite as the database in which it stores its data.
I made several TextBoxes where the user can input the data they want to add or modify in the database. But if a user inputs the double quote character, an exception will be generated because I’m using the double quote character in the queries for the strings.
So I’m looking for a way to prevent the user from entering a double quote character directly. Is it possible?
Note: if relevant, the implementation of SQLite in C# I’m using is csharp-sqlite.
You should be using parameterized queries rather than generating the SQL as a string and executing that string. There are quite a lot of things other than just double quotes that users could enter into the textbox that would break your query (just look up SQL injection as commented earlier), and using parameters solves all of the cases. If you try to handle every case yourself you WILL miss something; it’s only a question of whether anyone figures it out or not.
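
The difference between the two approaches, as an added example that is not part of the original question or answer. It assumes the Microsoft.Data.Sqlite ADO.NET provider rather than csharp-sqlite; the `items` table, the method names and the sample input are hypothetical.

```csharp
// Added example. Assumption: the Microsoft.Data.Sqlite NuGet package is the provider.
using System;
using Microsoft.Data.Sqlite;

static class ParameterizedInsertDemo
{
    // Pattern from the question: TextBox text pasted between double quotes.
    static void InsertByConcatenation(SqliteConnection conn, string name)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "INSERT INTO items (name) VALUES (\"" + name + "\")";
        cmd.ExecuteNonQuery();
    }

    // Pattern from the answer: constant SQL text, value bound as a parameter.
    static void InsertWithParameter(SqliteConnection conn, string name)
    {
        using var cmd = conn.CreateCommand();
        cmd.CommandText = "INSERT INTO items (name) VALUES ($name)";
        cmd.Parameters.AddWithValue("$name", name);
        cmd.ExecuteNonQuery();
    }

    static void Main()
    {
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using (var create = conn.CreateCommand())
        {
            create.CommandText = "CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT NOT NULL)";
            create.ExecuteNonQuery();
        }

        // Constructed sample input, as a user might type it into a TextBox.
        string userInput = "19\" monitor, it's \"new\"";

        // The quote in the input ends the string early, so the SQL no longer parses.
        try { InsertByConcatenation(conn, userInput); }
        catch (SqliteException ex) { Console.WriteLine("Concatenated query failed: " + ex.Message); }

        // The bound value is never parsed as SQL, so no character needs to be blocked.
        InsertWithParameter(conn, userInput);

        using var read = conn.CreateCommand();
        read.CommandText = "SELECT name FROM items WHERE name = $name";
        read.Parameters.AddWithValue("$name", userInput);
        Console.WriteLine("Stored verbatim: " + ((string)read.ExecuteScalar() == userInput));
    }
}
```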