Modules/MySQL/MysqlSafeString: Difference between revisions
		
		
		
		
		
Revision as of 21:59, 29 January 2007
This function is provided by the external module MySQL. You must install this module to use this function.
This function escapes a given string so that it is safe to use in a query passed to mysqlQuery. Use it as a sanity-checking function to prevent problems such as SQL injection.
The function needs an already established connection to a MySQL database, because it reads out the character set from that database to escape the string.
Syntax
string mysqlSafeString ( mysql db, string query )
Required Arguments
- db : A mysql object created by mysqlCreate
- query : The MySQL query that needs to be escaped
Optional Arguments
None
Example
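function onMySQLOpen ( result )
    if ( result ) then
        outputServerLog ( "MySQL connection established." )
        -- Escape the user-supplied string, then place it inside a quoted string literal.
        -- Escaping does not protect a value used as a column or table name.
        -- ("name" is a hypothetical column of the table "test".)
        local safe = mysqlSafeString ( db, some_string_passed_by_a_user )
        mysqlQuery ( db, "onMySQLResult", "SELECT * FROM test WHERE name = '" .. safe .. "'" )
    else
        outputServerLog ( "MySQL connection failed." )
    end
end

function mysqltest ()
    -- db is global so that the onMySQLOpen callback can use it
    db = mysqlCreate ()
    mysqlOpen ( db, "onMySQLOpen", "localhost", "bastage", "bastage_pw", "test", 3306 )
end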
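The following is an added example, not code from the MySQL module or this page's authors. It shows how each kind of user input is handled when building a query: mysqlSafeString for quoted string values, an allowlist for column names, and tonumber for numbers. The function buildScoreQuery, the columns id, name and score, and the stand-in escape function are assumptions; inside MTA, db must be an open connection as in the example above.

```lua
-- Added example; not code from the MySQL module or its authors.
-- Outside MTA, mysqlSafeString is undefined, so a simplified stand-in
-- (backslash and quote escaping only) lets the script run in plain Lua.
local escape = mysqlSafeString or function ( _, s )
    return ( s:gsub ( "[\\'\"]", "\\%0" ) )
end
local log = outputServerLog or print

-- Hypothetical columns of the table "test"
local ALLOWED_COLUMNS = { id = true, name = true, score = true }

-- Returns the query string, or nil plus a reason
function buildScoreQuery ( db, column, playerName, minScore )
    -- Identifier position: escaping cannot help, accept only known names
    if not ALLOWED_COLUMNS[column] then
        return nil, "column not allowed"
    end
    -- Numeric position: convert and range-check (NaN fails both comparisons)
    local score = tonumber ( minScore )
    if not score or not ( score >= 0 and score <= 1e9 ) then
        return nil, "minScore is not a valid number"
    end
    -- String position: escape AND wrap in single quotes
    local name = escape ( db, tostring ( playerName ) )
    return string.format ( "SELECT %s FROM test WHERE name = '%s' AND score >= %d",
        column, name, math.floor ( score ) )
end

-- Constructed inputs: one well-formed request and two malformed ones
local samples = {
    { "score", "O'Brien", "10" },
    { "score FROM test", "x", "10" },
    { "name", "x", "10 OR 1=1" },
}
for _, s in ipairs ( samples ) do
    local query, reason = buildScoreQuery ( db, s[1], s[2], s[3] )
    log ( query or ( "rejected: " .. reason ) )
end
```

Only the first sample produces a query; the other two are rejected before any SQL text is built, because escaping leaves a string without quotes or backslashes unchanged.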