escape_string


Description:

public virtual string escape_string (Connection? cnc, string str)

Escapes str for use within an SQL command (to avoid SQL injection attacks).

Note that the returned value still needs to be enclosed in single quotes before being used in an SQL statement.

Parameters:

this: a server provider.

cnc: a Connection object, or null

str: a string to escape

Returns:

a new string suitable to use in SQL statements
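
Example (added here, not part of the libgda documentation): escaping a value with the connection's own provider and then adding the enclosing single quotes that the note above requires. The helper names, the customers table, the SQLite connection string and the libgda-5.0 package name are assumptions.

```vala
// Added example, not from the libgda documentation.
// Build (assumed package name): valac --pkg libgda-5.0 example.vala
// quote_sql_literal(), build_customer_query() and the customers table
// are hypothetical names used only for illustration.

// Returns `untrusted` as a complete SQL string literal for this connection.
string quote_sql_literal (Gda.Connection cnc, string untrusted) {
    // Escaping rules differ between database engines, so ask the provider
    // that backs this connection instead of hand-writing a replace().
    unowned Gda.ServerProvider provider = cnc.get_provider ();
    string escaped = provider.escape_string (cnc, untrusted);
    // escape_string() returns only the escaped body; the delimiting
    // single quotes must be added by the caller.
    return "'" + escaped + "'";
}

// Builds a query in which `name` can only ever appear as a string literal.
string build_customer_query (Gda.Connection cnc, string name) {
    return "SELECT id, name FROM customers WHERE name = "
        + quote_sql_literal (cnc, name);
}

int main (string[] args) {
    Gda.init ();
    try {
        // Constructed connection string (assumption): SQLite file ./example.db
        var cnc = Gda.Connection.open_from_string ("SQLite",
            "DB_DIR=.;DB_NAME=example", null, Gda.ConnectionOptions.NONE);
        // Constructed sample input that contains the literal delimiter.
        print ("%s\n", build_customer_query (cnc, "O'Brien"));
    } catch (Error e) {
        stderr.printf ("connection failed: %s\n", e.message);
        return 1;
    }
    return 0;
}
```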