- Subject: Re: when I insert table, value is a string contains apostrophe - it throws an error there - how to fix
- From: Sean Conner <sean@...>
- Date: Wed, 3 Feb 2010 16:19:40 -0500
It was thus said that the Great Florian Weimer once stated:
>
> LuaSQL should really, really support parametrized queries, though, but
> currently, it doesn't. 8-(
You could always do something like:

  -- sql_sanitize() sanitizes the SQL statement, maybe even
  -- surrounding it with quotes or whatever ...

  function prepare(statement,vars)
    local function cmd(tag)
      -- strip the leading "%{" and trailing "}%" to get the variable name
      local word = string.sub(tag,3,-3)

      if type(vars[word]) == "nil" then
        return ""
      elseif type(vars[word]) == "string" then
        return sql_sanitize(vars[word])
      elseif type(vars[word]) == "function" then
        return sql_sanitize(vars[word]())
      else
        return sql_sanitize(tostring(vars[word]))
      end
    end

    -- the parentheses drop gsub's second result (the substitution count)
    return (string.gsub(statement,"%%{[%w%.]+}%%",cmd))
  end

  statement = prepare([[
      SELECT name,addr1,addr2,phone
      FROM %{customer}%
      WHERE
          name=%{name}%
          AND status=%{status}%]],
      {
        customer = 'customer',
        name     = "Robert'); DROP customers;",
        status   = 3
      })

  connection:SQL(statement)

-spc (Hmmm ... now where's that PHP webapp I'm supposed to be working on?)
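
The message above leaves sql_sanitize() undefined. The following is an added example, not part of the original post and not LuaSQL code, showing one way to fill it in for the same %{name}% template. The helpers quote_value() and the separate idents table are hypothetical, and the quoting assumes a backend with standard SQL string literals, where an apostrophe is escaped by doubling it and a backslash is not an escape character.

```lua
-- Added example (hypothetical helpers, not a LuaSQL API).
-- Assumption: standard SQL literals, ' escaped as '', backslash not special.

-- Turn a Lua value into a SQL literal.
local function quote_value(v)
  local t = type(v)
  if t == "string" then
    -- double every apostrophe, then wrap the whole value in apostrophes
    return "'" .. v:gsub("'", "''") .. "'"
  elseif t == "number" then
    -- NaN and +/-inf have no portable SQL spelling
    if v ~= v or v == math.huge or v == -math.huge then
      error("non-finite number in SQL value")
    end
    return tostring(v)
  elseif t == "boolean" then
    return v and "1" or "0"
  end
  -- nil, tables, functions, userdata: refuse rather than guess
  error("no usable SQL value of type " .. t)
end

-- Values come from vars and are always quoted. Table and column names
-- cannot be quoted as strings, so they come from a separate idents table
-- and must look like a plain identifier.
local function prepare(statement, vars, idents)
  idents = idents or {}
  local sql = statement:gsub("%%{([%w_]+)}%%", function(word)
    local id = idents[word]
    if id ~= nil then
      if type(id) ~= "string" or not id:match("^[%a_][%w_]*$") then
        error("bad identifier for placeholder " .. word)
      end
      return id
    end
    return quote_value(vars[word])
  end)
  return sql
end

-- Same query as in the post; the name value is the post's own sample input.
local statement = prepare([[
SELECT name,addr1,addr2,phone
  FROM %{customer}%
 WHERE name=%{name}%
   AND status=%{status}%]],
  { name = "Robert'); DROP customers;", status = 3 },
  { customer = "customer" })

assert(statement:find("name='Robert''); DROP customers;'", 1, true))
print(statement)
```

The doubled apostrophe keeps the whole name inside one string literal, so the text after it is compared as data instead of being parsed as SQL.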