SQL escape with sqlite in C#

You should be using a parameter as in:

SQLiteCommand cmd = _connection.CreateCommand();cmd.CommandType = CommandType.Text;cmd.CommandText = "SELECT * FROM MyTable WHERE MyColumn = @parameter";cmd.Parameters.Add( new SQLiteParameter( "@parameter", textfield ) );SQLiteDataReader reader = cmd.ExecuteReader();

Using a parametrised SQL will escape all input values and help protect you from SQL injection attacks.

c# sqlite escaping

You can also replace all single quote delimiters with doubt single quotes (not ").

sql = sql.Replace("'","''");

CodeHunter

SQL escape with sqlite in C#

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last