Ejemplo n.º 1
0
        private string SanitizeString(string s)
        {
            if (String.IsNullOrEmpty(s))
            {
                return(String.Empty);
            }
            string ret = "";

            switch (DbType)
            {
            case DbTypes.MsSql:
                ret = MssqlHelper.SanitizeString(s);
                break;

            case DbTypes.MySql:
                ret = MysqlHelper.SanitizeString(s);
                break;

            case DbTypes.PgSql:
                ret = PgsqlHelper.SanitizeString(s);
                break;
            }

            return(ret);
        }
Ejemplo n.º 2
0
        private string PreparedStringValue(string s)
        {
            switch (DbType)
            {
            case DbTypes.MsSql:
                return("'" + MssqlHelper.SanitizeString(s) + "'");

            case DbTypes.MySql:
                return("'" + MysqlHelper.SanitizeString(s) + "'");

            case DbTypes.PgSql:
                // uses $xx$ escaping
                return(PgsqlHelper.SanitizeString(s));
            }

            return(null);
        }
Ejemplo n.º 3
0
        /// <summary>
        /// Sanitize an input string.
        /// </summary>
        /// <param name="val">The value to sanitize.</param>
        /// <returns>A sanitized string.</returns>
        public string SanitizeString(string val)
        {
            if (String.IsNullOrEmpty(val))
            {
                return(val);
            }

            switch (_DbType)
            {
            case DbTypes.MsSql:
                return(MssqlHelper.SanitizeString(val));

            case DbTypes.MySql:
                return(MysqlHelper.SanitizeString(val));

            case DbTypes.PgSql:
                return(PgsqlHelper.SanitizeString(val));
            }

            throw new Exception("Unknown database type");
        }