使用C＃和ASP.Net转义特殊字符在MySQL中 [英] Escape special characters in MySQL using C# and ASP.Net

问题描述

我有一个MySQL后端的ASP.Net网页。本网站上的博客内容从MySQL数据库填充。当过我想写博客条目，我会打开MySQL的工作台，右键单击该表并选择编辑数据，然后继续输入我的条目。好了，现在我工作的一个C＃应用程序，让我写博客条目，这样我就不必打开工作台每次。到目前为止的所有工作，除了一个小问题很大：特殊字符

I have a ASP.Net web page with a MySQL back end. The blog content on this site is populated from the MySQL database. When ever I wanted to write a blog entry, I would open MySQL Workbench, right click on the table and select "edit data" and then proceed to type my entry. Well, now I'm working on a C# application that will allow me to write a blog entry so that I don't have to open workbench everytime. Everything so far is working great except for one minor issue: special characters.

== ==示例

在textBox1中我会写以下，

In textBox1 I will write the following,

我可以告诉你，这不会因为那一撇的工作

I can tell you that this won't work because of the apostrophe

我的code看起来像这样（可能有点过，因为我正在从内存中写入这一点，但它的工作）：

My code looks like this (may be a little off as I'm writing this from memory, but it does work):

MySQLCommand cmd = new MySQLCommand("",conn);
cmd.CommandText = "INSERT INTO blogEntry (entryText) VALUE (" + textBox1.text + ");";
...

这工作，文本插入我的表。但是，当我把它背出来并将其绑定到一个DataGridView我看到这一点：

This works and the text is inserted into my table. But when I pull it back out and bind it to a DataGridView I see this:

我可以告诉你，这赢得了

I can tell you that this won

这就是它（或者我看到一些奇怪的格式或东西）。

and that's it (or I see some wierd formatting or something).

== ==摘要

我知道它是与不是被转义撇号。所以我的问题是：

I know it has something to do with the apostrophe not being escaped. So my questions are:

1）在C＃中，有没有办法去通过textBox1的整个文本并替换所有的特殊字符（'）与逃逸（\\'），使他们正确地显示从数据库中抽取的时候？

1) In C#, is there a way to go through the entire text in textBox1 and replace all special characters (') with escapes (\') so that they show correctly when pulled from the database?

2）我读到使用的INSERT语句的存储过程或参数的一些人。会为我而究竟如何我会做的工作，（我有一些很难找到我的具体情况的例子）？

2) I read about some people using stored procedures or parameters in the INSERT statements. Would that work for me and how exactly would I do that (I'm having some trouble finding examples of my specific case)?

感谢您的帮助，想法，链接等。

Thanks for any help, ideas, links, etc.

推荐答案

如果你正在使用MySQL客户端库，您可以使用此功能。

If you are using Mysql client library, You can use this functions

MySql.Data.MySqlClient.MySqlHelper.EscapeString（您的SQL字符串）

MySql.Data.MySqlClient.MySqlHelper.EscapeString("YOUR SQL STRING")

这篇关于使用C＃和ASP.Net转义特殊字符在MySQL中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！