SQL escape with sqlite in C#
You should be using a parameter as in:
SQLiteCommand cmd = _connection.CreateCommand();cmd.CommandType = CommandType.Text;cmd.CommandText = "SELECT * FROM MyTable WHERE MyColumn = @parameter";cmd.Parameters.Add( new SQLiteParameter( "@parameter", textfield ) );SQLiteDataReader reader = cmd.ExecuteReader();
Using a parametrised SQL will escape all input values and help protect you from SQL injection attacks.