private string SanitizeString(DbTypes dbType, string s)
{
if (String.IsNullOrEmpty(s))
{
return(String.Empty);
}
string ret = "";
switch (dbType)
{
case DbTypes.MsSql:
ret = MssqlHelper.SanitizeString(s);
break;
case DbTypes.MySql:
ret = MySqlHelper.SanitizeString(s);
break;
case DbTypes.PgSql:
ret = PgsqlHelper.SanitizeString(s);
break;
}
return(ret);
}
private string PreparedStringValue(DbTypes dbType, string s)
{
switch (dbType)
{
case DbTypes.MsSql:
return("'" + MssqlHelper.SanitizeString(s) + "'");
case DbTypes.MySql:
return("'" + MySqlHelper.SanitizeString(s) + "'");
case DbTypes.PgSql:
// uses $xx$ escaping
return(PgsqlHelper.SanitizeString(s));
}
return(null);
}