Solved

Inserting strings into a database

Posted on 2006-11-15
6
293 Views
Last Modified: 2008-02-01
I am more a of PHP programmer and I'm used to mysql_real_escape_string (basically escapes special character that would produce SQL errors for those who never touched PHP). Is there a similiar function or method to safely insert strings into a database in Visual Basic .NET using Microsoft SQL Server 2005 Express Edition? Code would help. Thanks.
0
Comment
Question by:Linky
  • 3
  • 2
6 Comments
 
LVL 13

Expert Comment

by:newyuppie
ID: 17953869
in this link i found a C# function that is supposed to imitate this functionality. translated to vb.net using online free translator:

http://mysql.speedbone.de/doc/refman/5.0/en/connector-net-architecture-connection.html
**
Private Function escapeSQL(ByVal text As String) As String
 Dim invalidSQLChars As String() = New String(7) {"" & Microsoft.VisualBasic.Chr(0) & "", "" & Microsoft.VisualBasic.Chr(10) & "", "" & Microsoft.VisualBasic.Chr(13) & "", "\", "'", """", "¡"}
 Dim i As Integer = 0
 While i < invalidSQLChars.Length
   text = text.Replace(invalidSQLChars(i), "\" + invalidSQLChars(i))
   System.Math.Min(System.Threading.Interlocked.Increment(i),i-1)
 End While
 Return text
End Function

you would need to pass an unsafe string to this function and it would return a safe string hopefully
0
 
LVL 13

Assisted Solution

by:newyuppie
newyuppie earned 50 total points
ID: 17953873
dont know why this line got added: System.Math.Min(System.Threading.Interlocked.Increment(i),i-1). if function is not working just remove that line (i dont much like it)


original C# code in case you can translate:
private string escapeSQL(string text) {
// imitates behaviour of the PHP mysql_real_escape_string function
string[] invalidSQLChars = new string[7] {"\x00", "\n", "\r", "\\", "'", "\"", "\x1a"};
for (int i = 0; i < invalidSQLChars.Length; i++)
text = text.Replace(invalidSQLChars[i], "\\" + invalidSQLChars[i]);
return text;
}
0
 
LVL 2

Author Comment

by:Linky
ID: 17954059
Yes but shouldn't there be a built in function that does it?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 13

Expert Comment

by:newyuppie
ID: 17954089
if there should, i havent heard about it.
0
 
LVL 10

Accepted Solution

by:
tpwells earned 75 total points
ID: 17957167
ADO.NET connector Parameters help to make sure the data is "safe" for execution agains the database.

Are you using ODBC or the MySql.Data provider to access your database?

I use MySql.Data
found at:http://dev.mysql.com/downloads/connector/net/1.0.html

      Dim cn as new MySqlConnection(connection_string)
      cn.Open()
      Dim cm as new MySqlCommand = cn.CreateCommand()

      cm.CommandText = "INSERT into myTable (column1,column2,column3) VALUES (?column1,?column2,?column3)"

      cm.Parameters.Add("?column1",MyValue1)
      cm.Parameters.Add("?column2",MyValue2)
      cm.Parameters.Add("?column3",MyValue3)

      cm.ExecuteNonQuery()

      cn.Close()


If you use ODBC then I think you need to replace the "?"s with "@"

0
 
LVL 2

Author Comment

by:Linky
ID: 17959297
Thanks tpwells, that method works well.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question