G.SQLStr
From GMod Wiki
| Function | |
| Syntax |
SQLStr( String value ) Where is this used? |
| Description: | |
| Returns a string value that is safe to insert into an SQL statement | |
| Returns: | String |
| Part of Library: | Global Functions |
| Realm: |
 |
| BBCode Link: | [b][url=http://wiki.garrysmod.com/?title=G.SQLStr]G.SQLStr [img]http://wiki.garrysmod.com/favicon.ico[/img][/url][/b] |
Example
| Description | Escapes the player name The "Big" Cahoon and queries the database. |
|---|---|
| Used on | |
| Code | sql.Query( "SELECT * FROM names WHERE name = " .. SQLStr( ply:Name() ) ) |
| Output | Resultant Query: SELECT * FROM names WHERE name = "The \"Big\" Cahoon"' |
Additional Notes
- Escapes double quotes and surrounds the value in double quotes.
- This should be used ANYWHERE that a string is inserted into an SQL statement. Otherwise, at best, you query will fail and, at worst, someone can modify or corrupt your data.
- Not using this could result in SQL Injection.
