Scripting/Squirrel/Functions/escapeSQLString: Difference between revisions
This wiki is using an old backup from 2020
Some information may be old/missing
Revision as of 08:28, 5 March 2016
Escapes a query string to avoid SQL injection attacks. Use this function for every executed query that includes any data given by the players.
Syntax
escapeSQLString( string query )
Arguments
- String query - The string to escape
Return value
The escaped string.
Example
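function onPlayerJoin( player )
{
    // Escape the player-supplied name before placing it inside the quoted SQL literal
    local pName = escapeSQLString( player.Name );
    // handler is assumed to be the database handle opened elsewhere in the script
    local q = QuerySQL( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" );
    //Do stuff here
}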
By KAKAN
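What escaping changes when a player name is concatenated into the `Accounts` query, shown as an added example that is not part of the original wiki page or its author's code. It is written in Python against an in-memory SQLite database so it can be run anywhere; `escape_sql_string` is a hypothetical stand-in that assumes escaping doubles single quotes (the page does not document the escaping rules), and the rows and names are constructed.

```python
import sqlite3

def escape_sql_string(value):
    # Hypothetical stand-in for escapeSQLString. Assumption: a single quote
    # is escaped by doubling it, the standard SQL string-literal rule.
    return value.replace("'", "''")

def make_db():
    # Constructed sample table and rows, not taken from the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Accounts (Name TEXT, Password TEXT)")
    db.executemany("INSERT INTO Accounts VALUES (?, ?)",
                   [("alice", "hash-a"), ("O'Neil", "hash-b")])
    return db

def lookup_unescaped(db, name):
    # 'Before' form: the player-supplied name goes into the query text as-is.
    sql = "SELECT Name FROM Accounts WHERE Name='" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_escaped(db, name):
    # Same shape as the page's example: escape the value, then concatenate.
    sql = "SELECT Name FROM Accounts WHERE Name='" + escape_sql_string(name) + "'"
    return [row[0] for row in db.execute(sql)]

def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"   # constructed name containing quotes
    results = {
        # The quote closes the literal early, so the WHERE clause matches all rows.
        "unescaped_crafted": lookup_unescaped(db, crafted),
        # Escaped, the whole name is one literal and matches no account.
        "escaped_crafted": lookup_escaped(db, crafted),
        # A legitimate name with an apostrophe still resolves when escaped.
        "escaped_apostrophe": lookup_escaped(db, "O'Neil"),
    }
    try:
        lookup_unescaped(db, "O'Neil")
        results["unescaped_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # Without escaping, the same legitimate name breaks the query syntax.
        results["unescaped_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```
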