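// Build the login lookup with bound parameters instead of splicing escaped
// text into the statement. With parameters the driver transmits the values
// as data, so quoting no longer depends on a hand-written escape routine,
// the connection character set, or the server's sql_mode (for example
// NO_BACKSLASH_ESCAPES, under which backslash escaping is not honoured).
// It also fixes a matching bug: the old escape turned '%' and '_' into
// "\%" and "\_", which MySQL keeps verbatim outside LIKE patterns, so
// credentials containing those characters never compared equal.
//
// NOTE(review): the query compares the Password column with the supplied
// value directly, which suggests passwords are stored unhashed (confirm).
// If so, store a salted, slow password hash (e.g. PBKDF2) and verify it in
// code instead of in the WHERE clause.
string SQL = "SELECT * FROM Users WHERE UserName=@username AND Password=@password";
MySqlCommand cmd = new MySqlCommand(SQL, this.connection);
cmd.Parameters.AddWithValue("@username", Username);
cmd.Parameters.AddWithValue("@password", Password);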
/// <summary>
/// Backslash-escapes characters that are special inside a MySQL string
/// literal or LIKE pattern: NUL, single quote, double quote, backspace,
/// newline, carriage return, tab, Ctrl-Z, backslash, '%' and '_'.
/// </summary>
/// <param name="str">Text to escape. Must not be null; Regex.Replace throws on a null input.</param>
/// <returns>The input with every matched character replaced by its escaped form.</returns>
/// <remarks>
/// This is not a substitute for bound parameters. The result is only safe
/// when the server honours backslash escapes and the connection character
/// set agrees with how this string is encoded. '%' and '_' are wildcards
/// only in LIKE patterns; in any other string context MySQL keeps the added
/// backslash, so the escaped value differs from the original.
/// </remarks>
private static string MySQLEscape(string str)
{
    // The character class matches exactly one character per match, so the
    // evaluator can inspect a single char.
    return Regex.Replace(str, @"[\x00'""\b\n\r\t\cZ\\%_]", m =>
    {
        char special = m.Value[0];
        switch (special)
        {
            case '\0':      // ASCII NUL (0x00)
                return "\\0";
            case '\b':      // backspace
                return "\\b";
            case '\n':      // linefeed
                return "\\n";
            case '\r':      // carriage return
                return "\\r";
            case '\t':      // tab
                return "\\t";
            case '\u001A':  // Ctrl-Z
                return "\\Z";
            default:        // quotes, backslash, '%' and '_' keep their own character
                return "\\" + m.Value;
        }
    });
}