public EscapeSqlString ( string sqlString ) : string

| Name | Type | Description |
|---|---|---|
| sqlString | string | the string to be escaped |
| return | string | |
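/// <summary>
/// Writes this script to the t_script table: updates the existing row when
/// <c>Exists()</c> returns true, otherwise inserts a new row under a freshly
/// generated GUID and then reloads the script information via <c>GetInfo()</c>.
/// </summary>
/// <remarks>
/// Both statements are assembled as SQL text and handed to <c>_model.ExecuteSql</c>,
/// so every value placed inside a quoted literal has to pass through
/// <c>_model.EscapeSqlString</c>. Escaping is weaker than bound parameters; only a
/// string-taking ExecuteSql is visible from this method.
/// </remarks>
public void Save()
{
    // The notes column holds a small XML descriptor. It is built from _name, _type and
    // _language, so it is escaped as a whole before being wrapped in quotes, the same
    // way the script body is. Previously a single quote in the script name ended the
    // literal early and altered or broke the statement.
    // NOTE(review): the attribute values are not XML-escaped; a '"', '<' or '&' in
    // _name would still produce malformed XML in the stored notes. Confirm with the reader.
    string notesXml = $"<Script Name=\"{_name}\" Type=\"{_type}\" Language=\"{_language}\" Notes=\"\"/>";
    string notes = $" '{_model.EscapeSqlString(notesXml)}' ";
    string escapedCode = _model.EscapeSqlString(_code);

    if (Exists())
    {
        // NOTE(review): _id is appended unquoted; this is only safe if it is numeric. Verify its type.
        string sqlUpdate = "update t_script set "
                           + $"script = '{escapedCode}' "
                           + $", notes = {notes} "
                           + " where ScriptID = " + _id;
        _model.ExecuteSql(sqlUpdate);
    }
    else
    {
        string guid = "{" + Guid.NewGuid() + "}";

        // NOTE(review): ScriptCategory and _groupGuid are inserted without escaping;
        // presumably a fixed constant and a GUID. Confirm neither can carry user text.
        string sql = "insert into t_script (ScriptCategory, ScriptAuthor, ScriptName, Notes, Script) "
                     + @" Values ("
                     + $"'{ScriptCategory}', "
                     + $"'{_groupGuid}', "
                     + $"'{guid}', "
                     + $"{notes}, "
                     + $"'{escapedCode}' )";
        _model.ExecuteSql(sql);

        // update script information
        GetInfo();
    }
}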
/// <summary>
/// Appends the given code to the script and writes the combined script text
/// back to the matching t_script row.
/// </summary>
/// <param name="functionCode">the code to be added</param>
/// <remarks>
/// The statement is assembled as SQL text. The script body is passed through
/// <c>_model.EscapeSqlString</c> before it is placed inside the quoted literal.
/// </remarks>
public void AddCode(string functionCode)
{
    Code += functionCode;

    // Escape the full, updated script before embedding it in the statement.
    string escapedScript = _model.EscapeSqlString(Code);

    // NOTE(review): _scriptId is appended unquoted; this is only safe if it is numeric. Verify its type.
    string statement = "update t_script set script = '" + escapedScript + "'"
                       + " where ScriptID = " + _scriptId;

    _model.ExecuteSql(statement);
}