Garry's Mod Wiki

Home / sql.SQLStr

sql.SQLStr

  string sql.SQLStr( string string, boolean bNoQuotes = false )
View Source Search Github

Description

Escapes dangerous characters and symbols from user input used in an SQLite SQL Query.

If possible, it is recommended to use sql.QueryTyped instead.

Do not use this function with external database engines such as MySQL. MySQL and SQLite use different escape sequences that are incompatible with each other! Escaping strings with inadequate functions is dangerous and will lead to SQL injection vulnerabilities.

Arguments

1 string string
The string to be escaped.
2 boolean bNoQuotes = false
Set this as true, and the function will not wrap the input string in apostrophes.

Returns

1 string
The escaped input.

Example

Example usage of this function.

sql.Query( "INSERT OR REPLACE INTO cookies ( key, value ) VALUES ( " .. sql.SQLStr( k ) .. ", " .. sql.SQLStr( v ) .. " )" )

Account Management

Special Pages

Wiki List