That's essentially the line of code I have in one of my source files. It works great, no errors or anything. However when a player opens a chatroom for example with a name containing quotes ( ' , " ), the map server naturally throws an error because of malformed SQL. What I'm wondering is, how would I add to this to escape the string to prevent any sort of abuse that can come of it? I want to keep the quotes in there, yet protect it from any sort of injection. I'm not too familiar with C#, but I haven't been able to find a somewhat simple way of doing this.
Question
Bake Mono
That's essentially the line of code I have in one of my source files. It works great, no errors or anything. However when a player opens a chatroom for example with a name containing quotes ( ' , " ), the map server naturally throws an error because of malformed SQL. What I'm wondering is, how would I add to this to escape the string to prevent any sort of abuse that can come of it? I want to keep the quotes in there, yet protect it from any sort of injection. I'm not too familiar with C#, but I haven't been able to find a somewhat simple way of doing this.
Edited by Bake MonoLink to comment
Share on other sites
6 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.