?
Solved

Inserting strings into a database

Posted on 2006-11-15
6
Medium Priority
?
305 Views
Last Modified: 2008-02-01
I am more a of PHP programmer and I'm used to mysql_real_escape_string (basically escapes special character that would produce SQL errors for those who never touched PHP). Is there a similiar function or method to safely insert strings into a database in Visual Basic .NET using Microsoft SQL Server 2005 Express Edition? Code would help. Thanks.
0
Comment
Question by:Linky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 13

Expert Comment

by:newyuppie
ID: 17953869
in this link i found a C# function that is supposed to imitate this functionality. translated to vb.net using online free translator:

http://mysql.speedbone.de/doc/refman/5.0/en/connector-net-architecture-connection.html
**
Private Function escapeSQL(ByVal text As String) As String
 Dim invalidSQLChars As String() = New String(7) {"" & Microsoft.VisualBasic.Chr(0) & "", "" & Microsoft.VisualBasic.Chr(10) & "", "" & Microsoft.VisualBasic.Chr(13) & "", "\", "'", """", "¡"}
 Dim i As Integer = 0
 While i < invalidSQLChars.Length
   text = text.Replace(invalidSQLChars(i), "\" + invalidSQLChars(i))
   System.Math.Min(System.Threading.Interlocked.Increment(i),i-1)
 End While
 Return text
End Function

you would need to pass an unsafe string to this function and it would return a safe string hopefully
0
 
LVL 13

Assisted Solution

by:newyuppie
newyuppie earned 200 total points
ID: 17953873
dont know why this line got added: System.Math.Min(System.Threading.Interlocked.Increment(i),i-1). if function is not working just remove that line (i dont much like it)


original C# code in case you can translate:
private string escapeSQL(string text) {
// imitates behaviour of the PHP mysql_real_escape_string function
string[] invalidSQLChars = new string[7] {"\x00", "\n", "\r", "\\", "'", "\"", "\x1a"};
for (int i = 0; i < invalidSQLChars.Length; i++)
text = text.Replace(invalidSQLChars[i], "\\" + invalidSQLChars[i]);
return text;
}
0
 
LVL 2

Author Comment

by:Linky
ID: 17954059
Yes but shouldn't there be a built in function that does it?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 13

Expert Comment

by:newyuppie
ID: 17954089
if there should, i havent heard about it.
0
 
LVL 10

Accepted Solution

by:
tpwells earned 300 total points
ID: 17957167
ADO.NET connector Parameters help to make sure the data is "safe" for execution agains the database.

Are you using ODBC or the MySql.Data provider to access your database?

I use MySql.Data
found at:http://dev.mysql.com/downloads/connector/net/1.0.html

      Dim cn as new MySqlConnection(connection_string)
      cn.Open()
      Dim cm as new MySqlCommand = cn.CreateCommand()

      cm.CommandText = "INSERT into myTable (column1,column2,column3) VALUES (?column1,?column2,?column3)"

      cm.Parameters.Add("?column1",MyValue1)
      cm.Parameters.Add("?column2",MyValue2)
      cm.Parameters.Add("?column3",MyValue3)

      cm.ExecuteNonQuery()

      cn.Close()


If you use ODBC then I think you need to replace the "?"s with "@"

0
 
LVL 2

Author Comment

by:Linky
ID: 17959297
Thanks tpwells, that method works well.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A while ago, I was working on a Windows Forms application and I needed a special label control with reflection (glass) effect to show some titles in a stylish way. I've always enjoyed working with graphics, but it's never too clever to re-invent …
The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question