Scripting/Squirrel/Functions/escapeSQLString

Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players.

Syntax

escapeSQLString( string query )

Arguments

• String query - The string to escape

Return value

The escaped string.

Example

function onPlayerJoin( player )
{
   local pName = escapeSQLString( player.Name );
   local q = QuerySQL( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" );
   //Do stuff here
}

Related Functions

• ConnectSQL
• DisconnectSQL
• escapeSQLString
• FreeSQLQuery
• GetSQLColumnCount
• GetSQLColumnData
• GetSQLNextRow
• QuerySQL