I have a rather simple situation that I just don't have the familiarity with C# to address.
I have a DataTable object returned from a webservice. I want the user to be able to filter and analyze the data so I create a DataView object. I have a ListBox that is the
One of the basic functions is I want them to be able to do searches of the data. So I get clever and add a textbox and an event for the textbox.
    private void textbox1_TextChanged(object sender, EventArgs e)
    {
        ((DataView)listbox1.DataSource).RowFilter = "mycolumn LIKE '*" + textbox1.Text + "*'";
    }
Problem is, if the user enters any special characters on accident (say [ or ] or *) it could screw up the match expression. It's like a classic SQL injection safety problem. The problem is the SQL blacklist characters are well documented (and often libraries will even contain methods that make strings SQL safe because it's such a common problem) but this "RowFilter" expression isn't SQL and doesn't have well documented blacklist or escape characters.
Does anyone have an idea for how to elegantly solve this problem?
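
One way to neutralize the input before it reaches `RowFilter`, as an added example that is not part of the original post. It follows the documented `DataColumn.Expression` rules: `*`, `%`, `[` and `]` inside a LIKE pattern are each wrapped in brackets, and a single quote inside a string literal is doubled. The names `RowFilterDemo` and `EscapeLikeValue` and the sample rows are constructed for illustration.

```csharp
using System;
using System.Data;
using System.Text;

static class RowFilterDemo
{
    // Hypothetical helper: escapes a user-supplied value so it is matched
    // literally inside a quoted LIKE pattern of a RowFilter expression.
    public static string EscapeLikeValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                // Wildcards and brackets are wrapped in [] to be literal.
                case '[': case ']': case '*': case '%':
                    sb.Append('[').Append(c).Append(']');
                    break;
                // A quote would end the string literal, so it is doubled.
                case '\'':
                    sb.Append("''");
                    break;
                default:
                    sb.Append(c);
                    break;
            }
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed sample data standing in for the web service result.
        var table = new DataTable();
        table.Columns.Add("mycolumn", typeof(string));
        foreach (var s in new[] { "50% off", "O'Brien", "a*b", "list[0]", "plain" })
            table.Rows.Add(s);
        var view = new DataView(table);

        // Inputs that would break or alter the unescaped filter.
        foreach (var input in new[] { "%", "'", "*", "[", "]", "lain" })
        {
            view.RowFilter = "mycolumn LIKE '*" + EscapeLikeValue(input) + "*'";
            Console.WriteLine("{0,-6} -> {1} row(s), filter: {2}", input, view.Count, view.RowFilter);
        }
    }
}
```

In the event handler, the same call would wrap `textbox1.Text` before it is concatenated into the filter string. The column name is a fixed literal here; if it ever came from user input it would need its own validation against the table's known columns.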