Scripting/Squirrel/Functions/mysql escape string: Difference between revisions
Jump to navigation
Jump to search
This wiki is using an old backup from 2020
Some information may be old/missing
m (Do not sign your edits) |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 18: | Line 18: | ||
//Do stuff here | //Do stuff here | ||
}</pre> | }</pre> | ||
== Related Functions == | |||
{{Scripting/Squirrel/Functions/MySQL Functions}} | |||
[[Category:Scripting/Squirrel/Functions/Mysql_Functions]] |
Latest revision as of 18:27, 30 January 2017
Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players.
Syntax
mysql_escape_string( MySQLConnection handler, string query )
Arguments
- MySQLConnection handler - A valid MySQL link/handler
- String query - The string to escape
Return value
The escaped string.
Example
function onPlayerJoin( player ) { local pName = mysql_escape_string( handler, player.Name ); local q = mysql_query( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" ); //Do stuff here }