Scripting/Squirrel/Functions/escapeSQLString

From Vice City Multiplayer
Revision as of 08:28, 5 March 2016 by KAKAN

Escapes a string for use in an SQL query, to avoid SQL injection attacks. This function should be used for every executed query that uses any data given by the players.

Syntax

escapeSQLString( string query )

Arguments

  • String query - The string to escape

Return value

The escaped string.

Example

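function onPlayerJoin( player )
{
   // Escape the player-supplied name before it goes inside the quoted literal
   local pName = escapeSQLString( player.Name );
   // handler is the database handle opened elsewhere in the script
   local q = QuerySQL( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" );
   // Do stuff here
}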

By KAKAN
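
The following is an added example, not code from this wiki or from the VC:MP project: it uses Python's built-in sqlite3 module to run the Accounts query from the example above with and without escaping, and shows that escaping only protects a value placed inside quotes. `escape_sql_string` is a stand-in that assumes escapeSQLString doubles single quotes (the standard escaping for an SQLite string literal); the `Level` column, the table contents and the player names are constructed.

```python
import sqlite3

def escape_sql_string(value):
    # Stand-in for escapeSQLString. Assumption: it doubles single quotes,
    # which is the standard escaping for an SQLite string literal.
    return value.replace("'", "''")

def make_db():
    # Constructed sample data standing in for the page's Accounts table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Accounts (Name TEXT, Level INTEGER)")
    db.executemany("INSERT INTO Accounts VALUES (?, ?)",
                   [("KAKAN", 5), ("O'Neil", 1), ("Admin", 10)])
    return db

def lookup_concat(db, name, escape):
    # Same query shape as the page's example: the value sits inside '...'.
    if escape:
        name = escape_sql_string(name)
    sql = "SELECT Name FROM Accounts WHERE Name='" + name + "'"
    return [row[0] for row in db.execute(sql)]

def level_filter_concat(db, level_text):
    # Escaping does not help here: the value is not inside quotes,
    # so there is no quote character for the escaping to neutralise.
    sql = "SELECT Name FROM Accounts WHERE Level=" + escape_sql_string(level_text)
    return [row[0] for row in db.execute(sql)]

def level_filter_checked(db, level_text):
    # Numeric input: convert to an integer (raises ValueError on anything else).
    sql = "SELECT Name FROM Accounts WHERE Level=" + str(int(level_text))
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"   # constructed player name
    print(lookup_concat(db, hostile, escape=False))   # every account matches
    print(lookup_concat(db, hostile, escape=True))    # no account has this name
    print(lookup_concat(db, "O'Neil", escape=True))   # a legitimate quote still works
    print(level_filter_concat(db, "1 OR 1=1"))        # escaping changes nothing
    print(level_filter_checked(db, "5"))              # validated numeric input
```

In a Squirrel script the same rule applies: keep escaped values inside single quotes in the query text, and convert numeric input to a number instead of relying on escaping.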