Handling Special Characters in SQL Statements
The conn:quote() function safely escapes special characters in user input when you are constructing SQL statements by hand. It accepts a single string argument and returns that string escaped and surrounded by single quotes, using the quoting rules of the database API in use. Special characters such as single quotes and backslashes are escaped so that they cannot cause syntax errors or be interpreted as part of the SQL statement itself.
-- user-supplied value containing a single quote
local lastname = "O'Reilly"
-- conn:quote() returns the value escaped and wrapped in single quotes
local query = 'SELECT * FROM Patients WHERE LastName = '..conn:quote(lastname)
local result = conn:query{sql=query}
In this example, conn:quote() ensures that the single quote in O'Reilly is safely escaped, producing a query that is valid for the specific database.
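The following is an added example, not code from the original page: it generalises the pattern above to a small helper that builds a WHERE clause from several user-supplied values, passing every value through conn:quote() and validating column names separately, since identifiers cannot be quoted the way values can. It assumes `conn` is an already-open connection object as in the example above; `buildSelect` and `safeIdentifier` are helper names chosen here.

```lua
-- Added example (not from the original page). Assumes `conn` is an open
-- database connection exposing conn:quote() and conn:query{} as shown above.

-- Column and table names are not values, so conn:quote() does not apply to
-- them. They come from our own code and are checked against a strict pattern
-- rather than being built from user input.
local function safeIdentifier(name)
   assert(type(name) == 'string' and name:match('^[%a_][%w_]*$'),
      'invalid SQL identifier: '..tostring(name))
   return name
end

-- Build "SELECT * FROM <table> WHERE col1 = 'v1' AND col2 = 'v2' ...".
-- Every value goes through conn:quote(), so embedded quotes or backslashes
-- in user-supplied text cannot break out of the string literal.
local function buildSelect(conn, tableName, filters)
   local clauses = {}
   for col, value in pairs(filters) do
      -- conn:quote() takes a string; numbers are converted first and the
      -- database performs the comparison on the quoted literal.
      local quoted = conn:quote(tostring(value))
      clauses[#clauses + 1] = safeIdentifier(col)..' = '..quoted
   end
   table.sort(clauses)   -- deterministic clause order for logging and review
   return 'SELECT * FROM '..safeIdentifier(tableName)
      ..' WHERE '..table.concat(clauses, ' AND ')
end

-- For contrast, the form to avoid: raw concatenation. A last name such as
-- O'Reilly produces a syntax error, and any value containing a quote is
-- interpreted as SQL rather than as data.
local lastname = "O'Reilly"
local unsafeQuery = "SELECT * FROM Patients WHERE LastName = '"..lastname.."'"

-- Quoted form: both values are escaped by conn:quote().
local query = buildSelect(conn, 'Patients', {LastName = lastname, FirstName = 'Tim'})
local result = conn:query{sql = query}
```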