Solved

Inserting strings into a database

Posted on 2006-11-15
6
303 Views
Last Modified: 2008-02-01
I am more a of PHP programmer and I'm used to mysql_real_escape_string (basically escapes special character that would produce SQL errors for those who never touched PHP). Is there a similiar function or method to safely insert strings into a database in Visual Basic .NET using Microsoft SQL Server 2005 Express Edition? Code would help. Thanks.
0
Comment
Question by:Linky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 13

Expert Comment

by:newyuppie
ID: 17953869
in this link i found a C# function that is supposed to imitate this functionality. translated to vb.net using online free translator:

http://mysql.speedbone.de/doc/refman/5.0/en/connector-net-architecture-connection.html
**
Private Function escapeSQL(ByVal text As String) As String
 Dim invalidSQLChars As String() = New String(7) {"" & Microsoft.VisualBasic.Chr(0) & "", "" & Microsoft.VisualBasic.Chr(10) & "", "" & Microsoft.VisualBasic.Chr(13) & "", "\", "'", """", "¡"}
 Dim i As Integer = 0
 While i < invalidSQLChars.Length
   text = text.Replace(invalidSQLChars(i), "\" + invalidSQLChars(i))
   System.Math.Min(System.Threading.Interlocked.Increment(i),i-1)
 End While
 Return text
End Function

you would need to pass an unsafe string to this function and it would return a safe string hopefully
0
 
LVL 13

Assisted Solution

by:newyuppie
newyuppie earned 50 total points
ID: 17953873
dont know why this line got added: System.Math.Min(System.Threading.Interlocked.Increment(i),i-1). if function is not working just remove that line (i dont much like it)


original C# code in case you can translate:
private string escapeSQL(string text) {
// imitates behaviour of the PHP mysql_real_escape_string function
string[] invalidSQLChars = new string[7] {"\x00", "\n", "\r", "\\", "'", "\"", "\x1a"};
for (int i = 0; i < invalidSQLChars.Length; i++)
text = text.Replace(invalidSQLChars[i], "\\" + invalidSQLChars[i]);
return text;
}
0
 
LVL 2

Author Comment

by:Linky
ID: 17954059
Yes but shouldn't there be a built in function that does it?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 13

Expert Comment

by:newyuppie
ID: 17954089
if there should, i havent heard about it.
0
 
LVL 10

Accepted Solution

by:
tpwells earned 75 total points
ID: 17957167
ADO.NET connector Parameters help to make sure the data is "safe" for execution agains the database.

Are you using ODBC or the MySql.Data provider to access your database?

I use MySql.Data
found at:http://dev.mysql.com/downloads/connector/net/1.0.html

      Dim cn as new MySqlConnection(connection_string)
      cn.Open()
      Dim cm as new MySqlCommand = cn.CreateCommand()

      cm.CommandText = "INSERT into myTable (column1,column2,column3) VALUES (?column1,?column2,?column3)"

      cm.Parameters.Add("?column1",MyValue1)
      cm.Parameters.Add("?column2",MyValue2)
      cm.Parameters.Add("?column3",MyValue3)

      cm.ExecuteNonQuery()

      cn.Close()


If you use ODBC then I think you need to replace the "?"s with "@"

0
 
LVL 2

Author Comment

by:Linky
ID: 17959297
Thanks tpwells, that method works well.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Kraeven
Introduction Remote Share is a simple remote sharing tool, enabling you to see, add and remove remote or local shares. The application is written in VB.NET targeting the .NET framework 2.0. The source code and the compiled programs have been in…
If you're writing a .NET application to connect to an Access .mdb database and use pre-existing queries that require parameters, you've come to the right place! Let's say the pre-existing query(qryCust) in Access takes a Date as a parameter and l…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question