xuiwhr的专栏

原创 对sql inject的简单防范，据说这样其实是不够的，请明白人加以说明

  ///   /// Escapes a string to allow it to be safely used in an SQL  /// query. It will double up single quotes, and return the supplied  /// string wrapped in single quotes. Eg the string "Steves a