Which characters need to be escaped before 开发者_高级运维being inserted into a JET Engine data table? I'm currently just replacing the ' character for this '' (this are two ' characters, not a " character) and it works just fine (I'm quoting the string with the ' character like this 'hello' so I'd turn this: 'don't' into this 'don''t' ).
So far it has been working fine, but is there any other character I need to escape? I'm creating these queries from C# code and executing them with a OleDbCommand
.
Edit I know I can use parametrized queries. But I would like to know the answer to the question above.
Rather use parameterized queries. The provider would solve all these issues for you.
Turning ' into '' is enough. Every other character can stay the same.
精彩评论