I am working on a C# project where I am exporting data from a database that is defined by the user, so I don't have any idea what the data is going to contain or the format it is going to be in.
Some of the strings within the database might include apostrophes (') which I need to escape, but everything I've found on the Internet shows that I would have to do string.replace("'", "\\'"); which seems a bit odd, as it would be a mass of replace statements for every possibility.
Isn't there a better way to do this?
I recently had to make a code fix for this same problem. I had to put a ton of string.replace() statements everywhere. My recommendation would be to create a method that handles all escape character possibilities and have your query strings pass through this method before being executed. If you design your structure correctly you should only have to call this method once.
public string FixEscapeCharacterSequence(string query)
{
query = query.Replace("'", "\'");
//..Any other replace statements you need
//....
return query;
}