Scripting/Squirrel/Functions/mysql escape string: Difference between revisions

Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players.

Syntax

mysql_escape_string( MySQLConnection handler, string query )

Arguments

• MySQLConnection handler - A valid MySQL link/handler
• String query - The string to escape

Return value

The escaped string.

Example

function onPlayerJoin( player )
{
   local pName = mysql_escape_string( handler, player.Name );
   local q = mysql_query( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" );
   //Do stuff here
}

Related Functions

• mysql_affected_rows
• mysql_change_user
• mysql_close
• mysql_connect
• mysql_errno
• mysql_error
• mysql_escape_string
• mysql_fetch_assoc
• mysql_fetch_lengths
• mysql_fetch_row
• mysql_free_result
• mysql_info
• mysql_insert_id
• mysql_num_fields
• mysql_num_rows
• mysql_ping
• mysql_query
• mysql_select_db
• mysql_warning_count