Modules/MySQL/MysqlSafeString: Difference between revisions

From Multi Theft Auto: Wiki
Jump to navigation Jump to search
No edit summary
 
No edit summary
 
(One intermediate revision by one other user not shown)
Line 2: Line 2:
{{ModuleFunction|MySQL}}
{{ModuleFunction|MySQL}}


This function escapes a given string so it's safe to pass as a query to [[mysqlQuery]]. Please use this as sanity checking function to prevent bad things like SQL injection.
This function escapes a given string so it's safe to pass as a query to [[Modules/MySQL/MysqlQuery|mysqlQuery]]. Please use this as sanity checking function to prevent bad things like SQL injection.


The function needs an already established connection to a MySQL database, because it reads out the character set from that database to escape the string.
The function needs an already established connection to a MySQL database, because it reads out the character set from that database to escape the string.


==Syntax==
==Syntax==
<syntaxhighlight lang="lua">string mysqlSafeString ( mysql db, string query )</syntaxhighlight>
<syntaxhighlight lang="lua">string mysqlSafeString ( mysql mysqlobj, string query )</syntaxhighlight>


===Required Arguments===
===Required Arguments===
*'''db''' : A ''mysql'' object created by [[mysqlCreate]]
*'''mysqlobj''' : A ''mysql'' object created by [[Modules/MySQL/MysqlCreate|mysqlCreate]]
*'''query''' : The MySQL query that needs to be escasped
*'''query''' : The MySQL query that needs to be escasped


Latest revision as of 20:48, 29 September 2009


Package-x-generic.png This function is provided by the external module MySQL. You must install this module to use this function.


This function escapes a given string so it's safe to pass as a query to mysqlQuery. Please use this as sanity checking function to prevent bad things like SQL injection.

The function needs an already established connection to a MySQL database, because it reads out the character set from that database to escape the string.

Syntax

string mysqlSafeString ( mysql mysqlobj, string query )

Required Arguments

  • mysqlobj : A mysql object created by mysqlCreate
  • query : The MySQL query that needs to be escasped

Optional Arguments

None

Example

function onMySQLOpen ( result )
	if ( result ) then
		outputServerLog ( "MySQL connection established." )
		-- do the safe query
		local safe = mysqlSafeString ( db, some_string_passed_by_a_user )
		mysqlQuery ( db, "onMySQLResult", "SELECT ".. safe .." FROM test" )
	else
		outputServerLog ( "MySQL connection failed." )
	end
end

function mysqltest ()
	db = mysqlCreate ()
	mysqlOpen ( db, "onMySQLOpen", "localhost", "bastage", "bastage_pw", "test", 3306 )
end
Retrieved from "https://wiki.multitheftauto.com/wiki/Modules/MySQL/MysqlSafeString?oldid=21622"