Garry's Mod Wiki

SQLStr

  string SQLStr( string input, boolean noQuotes = false )

Description

Returns the input value in an escaped form so that it can safely be used inside of queries. The returned value is surrounded by quotes unless noQuotes is true. Alias of sql.SQLStr.

Do not use this function with external database engines such as MySQL. MySQL and SQLite use different escape sequences that are incompatible with each other! Escaping strings with inadequate functions is dangerous and will lead to SQL injection vulnerabilities.

Arguments

1 string input
String to be escaped
2 boolean noQuotes = false
Set this to true to stop the function from wrapping the input string in apostrophes.

Returns

1 string
Escaped input
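
The following is an added example, not part of the original wiki page. It runs serverside against the game's local SQLite database and shows both call forms: the default, where SQLStr supplies the surrounding apostrophes, and noQuotes = true, where the query text must supply them. The table name example_notes, the helper run and all sample values are constructed for illustration.

```lua
-- Added example. Assumes the serverside Garry's Mod Lua environment,
-- where the sql library talks to the local SQLite database.
local TABLE = "example_notes" -- hypothetical table name

-- sql.Query returns false on failure, so surface the error instead of ignoring it.
local function run( query )
	local result = sql.Query( query )
	if result == false then
		error( "SQL error: " .. sql.LastError() .. "\nQuery: " .. query )
	end
	return result
end

run( "CREATE TABLE IF NOT EXISTS " .. TABLE .. " ( steamid TEXT PRIMARY KEY, note TEXT )" )

-- Constructed input containing an apostrophe followed by SQL text.
local steamid = "STEAM_0:0:0"
local note = "it's'); DROP TABLE example_notes; --"

-- Default form: the returned value is already wrapped in apostrophes,
-- so it is concatenated into the query without adding any around it.
run( "REPLACE INTO " .. TABLE .. " ( steamid, note ) VALUES ( "
	.. SQLStr( steamid ) .. ", " .. SQLStr( note ) .. " )" )

-- The value is stored as data: it reads back unchanged and the table still exists.
local stored = sql.QueryValue( "SELECT note FROM " .. TABLE
	.. " WHERE steamid = " .. SQLStr( steamid ) )
assert( stored == note, "note did not round-trip" )
assert( sql.TableExists( TABLE ), "table is missing" )

-- noQuotes = true: only the escaped body is returned, so the query text
-- must supply the apostrophes. Useful when the value is part of a larger
-- literal, such as a LIKE pattern. Note that % and _ in the term still
-- act as LIKE wildcards.
local term = "it's"
local rows = run( "SELECT steamid FROM " .. TABLE
	.. " WHERE note LIKE '" .. SQLStr( term, true ) .. "%'" )
assert( rows and #rows == 1, "expected exactly one matching row" )

-- Clean up the constructed table.
run( "DROP TABLE " .. TABLE )
```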