Re: when I insert table, value is a string contains apostrophe - it throws an error there

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix
From: Sean Conner <sean@...>
Date: Wed, 3 Feb 2010 16:19:40 -0500

It was thus said that the Great Florian Weimer once stated:
> 
> LuaSQL should really, really support parametrized queries, though, but
> currently, it doesn't. 8-(

  You could always do something like:


-- sql_sanitize() sanitizes the SQL statement, maybe even
-- surrounding it with quotes or whatever ... 

function prepare(statement,vars)
  local function cmd(tag)
    local word = string.sub(tag,3,3)
    if type(vars[word]) == "nil" then
      return ""
    elseif type(vars[word]) == "string" then
      return sql_sanitize(vars[word])
    elseif type(vars[word]) == "function" then
      return sql_sanitize(vars[word]()
    else
      return sql_sanitize(tostring(vars[word])
    end
  end

  return string.gsub(statement,"%%{[%w%.]+}%%",cmd)     
end

  statement = prepare([[
	SELECT name,addr1,addr2,phone
	FROM %{customer}%
	WHERE
		name=%{name}%
		AND status=%{status}%]],
	{
	  customer = 'customer',
	  name     = "Robert'); DROP customers;",
	  status   = 3
	})

  connection:SQL(statement)

  -spc (Hmmm ... now where's that PHP webapp I'm supposed to be working on?)

References:
- when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Vasanta
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Florian Weimer
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Vasanta
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, noel frankinet
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Florian Weimer
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Vasanta
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Florian Weimer
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Vasanta
- Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix, Florian Weimer

Prev by Date: Re: Embedding Kepler in Windows application
Next by Date: Lua reflection? debug.setinfo() proposal
Previous by thread: Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix
Next by thread: Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix
Index(es):
- Date
- Thread