Modules/MySQL/MysqlSafeString: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 7: | Line 7: | ||
==Syntax== | ==Syntax== | ||
<syntaxhighlight lang="lua">string mysqlSafeString ( mysql | <syntaxhighlight lang="lua">string mysqlSafeString ( mysql mysqlobj, string query )</syntaxhighlight> | ||
===Required Arguments=== | ===Required Arguments=== | ||
*''' | *'''mysqlobj''' : A ''mysql'' object created by [[Modules/MySQL/MysqlCreate|mysqlCreate]] | ||
*'''query''' : The MySQL query that needs to be escasped | *'''query''' : The MySQL query that needs to be escasped | ||
Latest revision as of 20:48, 29 September 2009
|
This function is provided by the external module MySQL. You must install this module to use this function. |
This function escapes a given string so it's safe to pass as a query to mysqlQuery. Please use this as sanity checking function to prevent bad things like SQL injection.
The function needs an already established connection to a MySQL database, because it reads out the character set from that database to escape the string.
Syntax
string mysqlSafeString ( mysql mysqlobj, string query )
Required Arguments
- mysqlobj : A mysql object created by mysqlCreate
- query : The MySQL query that needs to be escasped
Optional Arguments
None
Example
function onMySQLOpen ( result ) if ( result ) then outputServerLog ( "MySQL connection established." ) -- do the safe query local safe = mysqlSafeString ( db, some_string_passed_by_a_user ) mysqlQuery ( db, "onMySQLResult", "SELECT ".. safe .." FROM test" ) else outputServerLog ( "MySQL connection failed." ) end end function mysqltest () db = mysqlCreate () mysqlOpen ( db, "onMySQLOpen", "localhost", "bastage", "bastage_pw", "test", 3306 ) end