Scripting/Squirrel/Functions/escapeSQLString: Difference between revisions
Jump to navigation
Jump to search
This wiki is using an old backup from 2020
Some information may be old/missing
m (Do not sign your edits) |
No edit summary |
||
(One intermediate revision by one other user not shown) | |||
Line 2: | Line 2: | ||
== Syntax == | == Syntax == | ||
< | <source lang=squirrel>escapeSQLString( string query )</source> | ||
== Arguments == | == Arguments == | ||
Line 11: | Line 11: | ||
== Example == | == Example == | ||
< | <source lang=squirrel>function onPlayerJoin( player ) | ||
{ | { | ||
local pName = escapeSQLString( player.Name ); | local pName = escapeSQLString( player.Name ); | ||
local q = QuerySQL( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" ); | local q = QuerySQL( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" ); | ||
//Do stuff here | //Do stuff here | ||
}</ | }</source> | ||
== Related Functions == | |||
{{Scripting/Squirrel/Functions/SQLite Functions}} | |||
[[Category:Scripting/Squirrel/Functions/SQLite _Functions]] |
Latest revision as of 19:01, 30 January 2017
Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players.
Syntax
escapeSQLString( string query )
Arguments
- String query - The string to escape
Return value
The escaped string.
Example
function onPlayerJoin( player )
{
local pName = escapeSQLString( player.Name );
local q = QuerySQL( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" );
//Do stuff here
}