There is only a single character you have to escape: ansi 0x27, aka the single quote:
safeString = unsafeString.Replace("'","''");
More Related Contents:
- Sanitize table/column name in Dynamic SQL in .NET? (Prevent SQL injection attacks)
- store image in database or in a system file? [closed]
- SQL Identity (autonumber) is Incremented Even with a Transaction Rollback
- SELECT * FROM X WHERE id IN (…) with Dapper ORM
- Bulk Insert to Oracle using .NET
- Parameterized Queries with LIKE and IN conditions
- Using “GO” within a transaction
- Does End Using close an open SQL Connection
- Does this code prevent SQL injection?
- How do I write LINQ’s .Skip(1000).Take(100) in pure SQL?
- How can you name the Dataset’s Tables you return in a stored proc?
- How can I create database tables from XSD files?
- How can I avoid SQL injection attacks in my ASP.NET application?
- Why is some sql query much slower when used with SqlCommand?
- Is it possible to send a collection of ID’s as a ADO.NET SQL parameter?
- How can I configure Entity Framework to automatically trim values retrieved for specific columns mapped to char(N) fields?
- Regular expression to find all table names in a query
- How to return a page of results from SQL?
- Using a variable for table name in ‘From’ clause in SQL Server 2008
- What is the difference between .NET Core and .NET Standard Class Library project types?
- sql runs fast in ssms slow in asp.net
- How Random is System.Guid.NewGuid()?
- How to disable click sound in WebBrowser Control
- .Net Framework 4.6.1 not defaulting to TLS 1.2
- What does “{x:Static}” mean in XAML?
- How to make a .NET application “large address aware”?
- WCF error: The caller was not authenticated by the service
- Where is the “Create Unit Tests” selection?
- How do I control MembershipProvider instance creation/lifetime?
- Visual Studio popup: “the operation could not be completed”