Garry's Mod Wiki

sql.Query

  table sql.Query( string query )

Description

Performs a query on the local SQLite database, returns a table as result set, nil if result is empty and false on error.

To run SQL queries with this function safely, it is crucial to ensure that the concatenated variables in the query string are safe to avoid vulnerabilities like SQL injections. For this, it is recommended to use the sql.SQLStr, which allows arguments to be escaped correctly.

Arguments

1 string query
The query to execute.

Returns

1 table
false is returned if there is an error, nil if the query returned no data.

Example

Functions that are examples of saving and creating information into the database.

function CreateTable() sql.Query( "CREATE TABLE IF NOT EXISTS player_data ( SteamID TEXT, Money INTEGER )" ) end function SavePlayerToDataBase( ply, Money ) local data = sql.Query( "SELECT * FROM player_data WHERE SteamID = " .. sql.SQLStr( ply:SteamID() ) .. ";") if ( data ) then sql.Query( "UPDATE player_data SET Money = " .. Money .. " WHERE SteamID = " .. sql.SQLStr( ply:SteamID() ) .. ";" ) else sql.Query( "INSERT INTO player_data ( SteamID, Money ) VALUES( " .. sql.SQLStr( ply:SteamID() ) .. ", " .. Money .. " )" ) end end function LoadPlayerFromDataBase( ply ) local val = sql.QueryValue( "SELECT Money FROM player_data WHERE SteamID = " .. sql.SQLStr( ply:SteamID() ) .. ";" ) return val end