Garry's Mod Wiki

  string sql.SQLStr( string string, boolean bNoQuotes = false )

Description

Escapes dangerous characters and symbols from user input used in an SQLite SQL Query.

If possible, it is recommended to use sql.QueryTyped instead.

Do not use this function with external database engines such as MySQL. MySQL and SQLite use different escape sequences that are incompatible with each other! Escaping strings with inadequate functions is dangerous and will lead to SQL injection vulnerabilities.

Arguments

1 string string
The string to be escaped.
2 boolean bNoQuotes = false
Set this to true, and the function will not wrap the input string in apostrophes.

Returns

1 string
The escaped input.

Example

Example usage of this function.

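-- k and v are the cookie's key and value; sql.SQLStr escapes each one and wraps it in apostrophes.
sql.Query( "INSERT OR REPLACE INTO cookies ( key, value ) VALUES ( " .. sql.SQLStr( k ) .. ", " .. sql.SQLStr( v ) .. " )" )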
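
Why the escaper has to match the database engine, shown against a real SQLite engine. This is an added example in Python, not code from the wiki or from Garry's Mod. `sqlite_quote` is an assumed stand-in for the default behaviour of sql.SQLStr, `backslash_quote` is a hypothetical escaper of the kind written for MySQL, and the sample values are constructed.

```python
import sqlite3

def sqlite_quote(value):
    # SQLite rule: double each apostrophe, then wrap in apostrophes.
    # Assumed to mirror sql.SQLStr with bNoQuotes = false.
    return "'" + value.replace("'", "''") + "'"

def backslash_quote(value):
    # Hypothetical MySQL-style escaper: backslash-escapes \ and '.
    # SQLite treats a backslash as ordinary text, so this is wrong for it.
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def new_db():
    # In-memory database with the cookies table used by the wiki example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cookies ( key TEXT PRIMARY KEY, value TEXT )")
    return conn

def read_back(conn, key):
    row = conn.execute("SELECT value FROM cookies WHERE key = ?", (key,)).fetchone()
    return row[0] if row else None

def store_concat(conn, quote, key, value):
    # Build the statement by concatenation, as the wiki example does.
    # Returns the stored value, or None if SQLite rejected the statement.
    stmt = ("INSERT OR REPLACE INTO cookies ( key, value ) VALUES ( "
            + quote(key) + ", " + quote(value) + " )")
    try:
        conn.execute(stmt)
    except sqlite3.Error:
        return None
    return read_back(conn, key)

def store_bound(conn, key, value):
    # Parameter binding needs no escaping step; assumed here to be what
    # the recommended sql.QueryTyped provides.
    conn.execute("INSERT OR REPLACE INTO cookies ( key, value ) VALUES ( ?, ? )",
                 (key, value))
    return read_back(conn, key)

if __name__ == "__main__":
    for sample in ["it's", "back\\slash", "trailing\\"]:  # constructed inputs
        print(repr(sample),
              "| sqlite-style:", repr(store_concat(new_db(), sqlite_quote, "k", sample)),
              "| backslash-style:", repr(store_concat(new_db(), backslash_quote, "k", sample)),
              "| bound:", repr(store_bound(new_db(), "k", sample)))
```

With the backslash-style escaper, SQLite rejects `it's` outright and stores `back\slash` with a doubled backslash, while the SQLite-style escaper and the bound parameters round-trip every sample. The mismatch runs the other way as well: MySQL in its default mode treats a backslash as an escape character, which is why SQLStr output must not be sent to it.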

This site is a community mirror of the official Garry's Mod wiki. This site is not maintained by Facepunch Studios.
