Modules/MySQL/MysqlSafeString

From Multi Theft Auto: Wiki


Package-x-generic.png This function is provided by the external module MySQL. You must install this module to use this function.


This function escapes a given string so it's safe to pass as a query to mysqlQuery. Please use this as sanity checking function to prevent bad things like SQL injection.

The function needs an already established connection to a MySQL database, because it reads out the character set from that database to escape the string.

Syntax

string mysqlSafeString ( mysql mysqlobj, string query )

Required Arguments

  • mysqlobj : A mysql object created by mysqlCreate
  • query : The MySQL query that needs to be escasped

Optional Arguments

None

Example

function onMySQLOpen ( result )
	if ( result ) then
		outputServerLog ( "MySQL connection established." )
		-- do the safe query
		local safe = mysqlSafeString ( db, some_string_passed_by_a_user )
		mysqlQuery ( db, "onMySQLResult", "SELECT ".. safe .." FROM test" )
	else
		outputServerLog ( "MySQL connection failed." )
	end
end

function mysqltest ()
	db = mysqlCreate ()
	mysqlOpen ( db, "onMySQLOpen", "localhost", "bastage", "bastage_pw", "test", 3306 )
end