The conn:quote()
function is designed to safely escape special characters in user input when you're manually constructing SQL statements.
It accepts a single string argument, and returns an escaped string surrounded by single quotes according to the database API used. It ensures that special characters such as quotes and backslashes are properly escaped to prevent syntax errors.
local lastname = "O'Reilly" local query = 'SELECT * FROM Authors WHERE LastName = '..conn:quote(lastname) local result = conn:query{sql=query}
In this example, conn:quote{}
ensures that the single quote in O'Reilly
is safely escaped, making the query valid for the specific database.