Declaration:
function sds_escape(const str: string): string;
Arguments:
str: Un-escaped source string
Description:
Protects a string used in a query against SQL injection attacks and bugs. This function does not behave like the escape functions of other SQL databases: although SDS supports escape sequences (\', \"), it replaces quotes with #SDS_CHAR_QT# and ticks with #SDS_CHAR_TK# instead. Always use this function to filter data that is placed into SDS queries.
Returns:
Escaped string.
Usage:
s := sds_escape(s);
res := sds_query('SELECT * FROM `test.sds` WHERE passwd = "' + s + '"');
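The effect of the substitution on the query text from the Usage section, as an added example that is not part of the original documentation or the SDS source. `demo_escape` is a hypothetical stand-in that applies only the double-quote replacement (assuming "quotes" in the description means the double quote), and the input value is constructed.

```pascal
program sds_escape_demo;
{$mode objfpc}{$H+}

uses
  SysUtils;

const
  QT_TOKEN = '#SDS_CHAR_QT#';  // placeholder named in the description

// Hypothetical stand-in for sds_escape, double-quote case only (assumption).
function demo_escape(const str: string): string;
begin
  Result := StringReplace(str, '"', QT_TOKEN, [rfReplaceAll]);
end;

// Builds the query text the same way the Usage section does.
function build_query(const passwd: string): string;
begin
  Result := 'SELECT * FROM `test.sds` WHERE passwd = "' + passwd + '"';
end;

// A query with a single string literal must contain exactly two double quotes.
function count_quotes(const s: string): Integer;
var
  i: Integer;
begin
  Result := 0;
  for i := 1 to Length(s) do
    if s[i] = '"' then
      Inc(Result);
end;

procedure show(const caption, query: string);
begin
  WriteLn(caption);
  WriteLn('  ', query);
  if count_quotes(query) = 2 then
    WriteLn('  literal boundaries intact')
  else
    WriteLn('  literal boundaries changed by the input');
end;

var
  userValue: string;  // constructed sample, as if read from a form field
begin
  userValue := 'ab"cd"ef';
  show('raw value concatenated:', build_query(userValue));
  show('escaped value concatenated:', build_query(demo_escape(userValue)));
end.
```

With the raw value the quotes inside the data end the string literal early; with the escaped value the only double quotes left in the query are the two written by the programmer.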
See also:
sds_query.