private string SanitizeString(string s)
{
if (String.IsNullOrEmpty(s))
{
return(String.Empty);
}
string ret = "";
switch (DbType)
{
case DbTypes.MsSql:
ret = MssqlHelper.SanitizeString(s);
break;
case DbTypes.MySql:
ret = MysqlHelper.SanitizeString(s);
break;
case DbTypes.PgSql:
ret = PgsqlHelper.SanitizeString(s);
break;
}
return(ret);
}
private string PreparedStringValue(string s)
{
switch (DbType)
{
case DbTypes.MsSql:
return("'" + MssqlHelper.SanitizeString(s) + "'");
case DbTypes.MySql:
return("'" + MysqlHelper.SanitizeString(s) + "'");
case DbTypes.PgSql:
// uses $xx$ escaping
return(PgsqlHelper.SanitizeString(s));
}
return(null);
}
/// <summary>
/// Sanitize an input string.
/// </summary>
/// <param name="val">The value to sanitize.</param>
/// <returns>A sanitized string.</returns>
public string SanitizeString(string val)
{
if (String.IsNullOrEmpty(val))
{
return(val);
}
switch (_DbType)
{
case DbTypes.MsSql:
return(MssqlHelper.SanitizeString(val));
case DbTypes.MySql:
return(MysqlHelper.SanitizeString(val));
case DbTypes.PgSql:
return(PgsqlHelper.SanitizeString(val));
}
throw new Exception("Unknown database type");
}
