I know I can use the parameters, but what is the right way to escape string sequences? The query could be like this:
"INSERT INTO records (ReferenceID,Name,
I think the only thing you need to do is:
value = value.Replace("'", "''")
Of course you shouldn't do this, but you know that.
Edit: Apparently this is all wrong for MySQL. It should work for PostgreSQL, MS SQL and Oracle, though.
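
Why the Edit in the answer above holds, as an added example that is not part of the original thread: a small Python model of how a SQL string literal is scanned with and without backslash escapes (MySQL's default mode treats backslash as an escape character), next to the parameterized insert the question mentions. The in-memory sqlite3 database, the helper names and the sample values are assumptions made for the illustration; the table and column names come from the question.

```python
import sqlite3

def literal_end(sql, start, backslash_escapes):
    """Return the index just past the closing quote of the string literal
    that opens at sql[start], or -1 if the literal never closes."""
    assert sql[start] == "'"
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if backslash_escapes and ch == "\\":
            i += 2          # the backslash consumes the character after it
            continue
        if ch == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                i += 2      # '' is one escaped quote inside the literal
                continue
            return i + 1    # a lone quote closes the literal
        i += 1
    return -1

def doubled_stays_one_literal(value, backslash_escapes):
    """True if the quote-doubled value is read back as exactly one literal."""
    sql = "'" + value.replace("'", "''") + "'"
    return literal_end(sql, 0, backslash_escapes) == len(sql)

def insert_with_parameters(values):
    """Insert values through placeholders and return what the database stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (ReferenceID INTEGER, Name TEXT)")
    conn.executemany(
        "INSERT INTO records (ReferenceID, Name) VALUES (?, ?)",
        list(enumerate(values)),
    )
    rows = conn.execute("SELECT Name FROM records ORDER BY ReferenceID")
    stored = [row[0] for row in rows]
    conn.close()
    return stored

# Constructed sample values: a plain apostrophe, and a backslash before one.
SAMPLES = ["O'Brien", "back\\'slash"]

if __name__ == "__main__":
    for v in SAMPLES:
        print(repr(v),
              "standard:", doubled_stays_one_literal(v, False),
              "backslash-escapes:", doubled_stays_one_literal(v, True))
    print("parameters round-trip:", insert_with_parameters(SAMPLES) == SAMPLES)
```

With placeholders the driver sends the value separately from the statement text, so the result does not depend on which escaping rules the server applies.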