Re: when I insert table, value is a string contains apostrophe - it throws an error there

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix
From: Florian Weimer <fw@...>
Date: Wed, 03 Feb 2010 15:54:34 +0100

* Vasanta:

> Thanks Florian for the script, actually I am calling db.insert
> below, all the bottom db.execute where it executes the query string,
> where it fails, do I have to mege the script you gave me below with
> my db.insert script?.  this is my db.insert script.

I don't know where your database connection object is located, but you
need to turn

>     if (v ~= "_ROWID_") then
>
>         insertPart = insertPart .. "\'" .. v .. "\', "

"v" into "conn:escape(v)|,

>
>        -- if post contained field already
>
>        if notFullKey and util.tableKeyExists(tableInput, v) then
>
>           valuesPart = valuesPart .. "\'" .. tableInput[v] .. "\', "

"tableInput[v]" into "conn:escape(tableInput[v])"

and so on.  This should address your problem and also avoid the
dreaded SQL injection problem (if you don't miss any such places).

LuaSQL should really, really support parametrized queries, though, but
currently, it doesn't. 8-(

Follow-Ups:
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Vasanta
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Ted Unangst
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Sean Conner

References:
- when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Vasanta
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Florian Weimer
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Vasanta
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, noel frankinet
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Florian Weimer
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Vasanta
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Florian Weimer
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Vasanta

Prev by Date: Re: [ANN] LuaJIT x64 port sponsorship program
Next by Date: Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix
Previous by thread: Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix
Next by thread: Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix
Index(es):
- Date
- Thread