Top | Previous | Next |
Strings / escapeSQL |
escapeSQL(string) Returns the given string with special SQL characters escaped. This is a fairly simplistic function - it just replaces single quotes with two single quotes, and backslashes with two backslashes. See system.db.runPrepUpdate for a much safer way to sanitize user input.
"SELECT * FROM mytable WHERE option = '" + escapeSQL("Jim's Settings") + "'" ... returns SELECT * FROM mytable WHERE option='Jim''s Settings'
"SELECT * FROM mytable WHERE option = '" + escapeSQL({Root Container.TextField.text}) + "'" ... returns a query with sanitized user input from a text field. |