Scripting/Squirrel/Functions/escapeSQLString: Difference between revisions

From Vice City Multiplayer
Jump to navigation Jump to search
Caution icon
This wiki is using an old backup from 2020
Some information may be old/missing
m (Do not sign your edits)
No edit summary
 
(One intermediate revision by one other user not shown)
Line 2: Line 2:


== Syntax ==
== Syntax ==
<pre>escapeSQLString( string query )</pre>
<source lang=squirrel>escapeSQLString( string query )</source>


== Arguments ==
== Arguments ==
Line 11: Line 11:


== Example ==
== Example ==
<pre>function onPlayerJoin( player )
<source lang=squirrel>function onPlayerJoin( player )
{
{
   local pName = escapeSQLString( player.Name );
   local pName = escapeSQLString( player.Name );
   local q = QuerySQL( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" );
   local q = QuerySQL( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" );
   //Do stuff here
   //Do stuff here
}</pre>
}</source>
 
== Related Functions ==
 
{{Scripting/Squirrel/Functions/SQLite Functions}}
[[Category:Scripting/Squirrel/Functions/SQLite _Functions]]

Latest revision as of 19:01, 30 January 2017

Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players.

Syntax

escapeSQLString( string query )

Arguments

  • String query - The string to escape

Return value

The escaped string.

Example

function onPlayerJoin( player )
{
   local pName = escapeSQLString( player.Name );
   local q = QuerySQL( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" );
   //Do stuff here
}

Related Functions