What’s the ASP.NET equivalent of this PHP code? $db = new mysqli(/some data/); $db->query(‘INSERT

Question

0

Asked: May 23, 20262026-05-23T07:20:48+00:00 2026-05-23T07:20:48+00:00

What’s the ASP.NET equivalent of this PHP code? $db = new mysqli(/some data/); $db->query(‘INSERT

0

What’s the ASP.NET equivalent of this PHP code?

$db = new mysqli(/*some data*/);
$db->query('INSERT INTO `log` (`msg`) VALUES ("'.$db->real_escape_string($_POST['mesg']).'");');

Im only interested in mysqli_real_escape_string, but the only examples I can find on Google for ASP.NET and SQL are all injectable.

So my question is: How do I pass user data to SQL in ASP.NET using ADO.NET?

If you use replace of regex, please base your example on this code.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T07:20:49+00:00

When using this approach, you’ll want to look into using parameterized SQL in your code.

using (SqlConnection connection = new SqlConnection(connectionString))
{
  DataSet userDataset = new DataSet();

  SqlDataAdapter myDataAdapter = new SqlDataAdapter("SELECT * FROM Log WHERE Message = @Message", connection);                

  myCommand.SelectCommand.Parameters.Add("@Message", SqlDbType.VarChar, 11);

  myCommand.SelectCommand.Parameters["@Message"].Value = messageString;

  myDataAdapter.Fill(userDataset);
}

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

What’s the ASP.NET equivalent of this PHP code? $db = new mysqli(/*some data*/); $db->query(‘INSERT

Leave an answerCancel reply

1 Answer

What’s the ASP.NET equivalent of this PHP code? $db = new mysqli(/some data/); $db->query(‘INSERT

Leave an answer
Cancel reply