1 Jul 2012 by OriginalGriff
The best way is: never concatenate strings to form SQL queries. If you always use parametrised queries, then you leave nothing open to SQL Injection attack, and you don't have to change any characters.

Having said that, the way you are doing things is very inefficient:

1) Use a StringBuilder...
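The contrast the answer draws, shown as an added example that is not part of the original post. It assumes Python with the standard-library `sqlite3` driver and an in-memory table constructed inline (the original thread is presumably about .NET, but the principle is the same for any driver that supports placeholders): the concatenated query lets a crafted value change the query's logic and breaks on an ordinary apostrophe, while the parameterised query sends the value separately, so it is always treated as data and nothing needs escaping.

```python
import sqlite3


def make_db():
    # Constructed sample data; not from the original post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def find_user_concat(conn, name):
    # The pattern the answer warns against: the value is spliced into the SQL text,
    # so it is parsed as part of the statement rather than treated as a literal.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_param(conn, name):
    # Parameterised query: the driver binds the value to the '?' placeholder
    # separately from the statement text, so no characters need changing.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def demo():
    """Run both variants on a normal name, a name containing an apostrophe,
    and a value that tries to alter the WHERE clause. Returns a dict of results
    so the behaviour can be checked rather than just printed."""
    conn = make_db()
    results = {
        "param_plain": find_user_param(conn, "alice"),
        "param_apostrophe": find_user_param(conn, "O'Brien"),      # no match, no error
        "param_crafted": find_user_param(conn, "x' OR '1'='1"),    # compared literally
        "concat_crafted": find_user_concat(conn, "x' OR '1'='1"),  # clause rewritten
    }
    try:
        find_user_concat(conn, "O'Brien")
        results["concat_apostrophe_error"] = False
    except sqlite3.OperationalError:
        # The stray apostrophe unbalances the quotes and the statement fails to parse.
        results["concat_apostrophe_error"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The apostrophe case is the one that usually motivates people to start "fixing" characters by hand; with a bound parameter there is nothing to fix, and the same binding is what stops the crafted value from widening the query.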