Replace ' with \' in all textboxes in my program

So throughout my program I have probably 50 or so text boxes in various places. I know how to replace a single quote with something (in this case ' -> \'), but I am thinking there must be a better way to do this than go through and add specific code for every single text box. I have to do this because when this stuff is getting sent to the database, if there is a single quote, it gives an error. Is there a way to change the default TextBox control behavior so that all textboxes in the program automatically replace all single quotes with \'?

EDIT:

     string statement = "select count(*) from users where username='@username'";
     MySqlCommand command = new MySqlCommand(statement, conn);
     command.Parameters.AddWithValue("@username", username);
     if (Convert.ToInt32(command.ExecuteScalar()) == 1)

I have been playing with the paramerterized code and this is what I have right now. From how I understand it, the statement string is basically the same as before, but where I used to have the variable "username" I know use a parameter (which I called @username), then the command is created. Then in the parameters.addwithvalue, it replaces the parameter username, with whatever is in the variable username. Unfortunately, this is not working for me, and I don't really see how it helps because username is still just getting stuck in the command?

EDIT: Found the problem, in the 开发者_如何学Gostatement you don't need to put single quotes around '@username'

so it should be:

string statement = "select count(*) from users where username=@username";

Don't use concatenation to build SQL queries. Use proper parametrized queries. This will make repeated queries a bit faster and will also eliminate input sanitizing code (replacing ' with \' for example) and SQL injection attacks.

You should be using parameterized queries, not only to resolve the problem you have, but also to reduce your exposure to SQL injection. When you use string concatenation to build SQL queries you are suseptable to SQL injection attackes.

U can use onKeyUp javascript function or asp.net OnTextChanged event to create function that will change quotes.