How to escape simple SQL queries in C# for SqlServer

c# sql sql-server

Since using SqlParameter is not an option, just replace ' with '' (that's two single quotes, not one double quote) in the string literals. That's it.

To would-be downvoters: re-read the first line of the question. "Use parameters" was my gut reaction also.

EDIT: yes, I know about SQL injection attacks. If you think this quoting is vulnerable to those, please provide a working counterexample. I think it's not.

Related

Add custom metadata or config to package.json, is it valid?
Is it possible to make SCP ignore symbolic links during copy?
Elegant way to create empty pandas DataFrame with NaN of type float
How can I mock methods of @InjectMocks class?
pandas - filter dataframe by another dataframe by row elements
python: is it possible to attach a console into a running process
What are the Java semantics of an escaped number in a character literal, e.g. '\15' ?
Collapsing a git repository's history
Why does const imply internal linkage in C++, when it doesn't in C?
Python twisted: where to start [closed]
How do I change which GitHub project I forked from?
definitive way to get user ip address php [duplicate]