Graal Forums > Development Forums > Future Improvements
#1
04-14-2009, 03:10 PM
Inverness
I tried using string.escape() as you suggested, but like I thought, it escaped single quotes using a backslash, which is incorrect; you're supposed to escape single quotes using another single quote.

I also suggest adding "parameterized queries", which is basically when question marks in the query are replaced by function parameters to protect against SQL injection and stuff. Example:

executesql("INSERT INTO options VALUES (?,?)", {"profit", 9001});

Last edited by Inverness; 04-14-2009 at 05:54 PM..
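The two points in the post, shown in runnable form as an added example (this is not Inverness's code and not GraalScript; Python's sqlite3 module stands in for the executesql() function being discussed). It stores a value containing a single quote three ways: backslash-escaped and concatenated, doubled-quote-escaped and concatenated, and bound through a `?` placeholder. SQLite, like standard SQL, treats a backslash as an ordinary character, so the backslash-escaped statement fails to parse, while the other two store the value intact.

```python
# Added example: Python's sqlite3 module stands in for Graal's executesql();
# it is not Inverness's code and not part of GraalScript.
import sqlite3


def make_db():
    """Fresh in-memory database with a two-column 'options' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE options (name TEXT, value TEXT)")
    return conn


def backslash_escape(s):
    """Backslash-escaping, the behaviour the post complains about."""
    return s.replace("'", "\\'")


def sql_quote(s):
    """Standard SQL escaping: each single quote becomes two single quotes."""
    return s.replace("'", "''")


def insert_by_concat(conn, name, value, escaper):
    """Build the statement by string concatenation after running an escaper."""
    sql = "INSERT INTO options VALUES ('%s', '%s')" % (escaper(name), escaper(value))
    conn.execute(sql)


def insert_parameterized(conn, name, value):
    """Placeholders: the driver binds values separately from the SQL text,
    so no quoting is needed and no quote inside the data can end the literal."""
    conn.execute("INSERT INTO options VALUES (?, ?)", (name, value))


def fetch(conn, name):
    row = conn.execute("SELECT value FROM options WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def demo(value="O'Brien"):
    """Store the same value three ways; return what came back (None = statement failed)."""
    conn = make_db()
    results = {}
    try:
        insert_by_concat(conn, "bs", value, backslash_escape)
        results["backslash"] = fetch(conn, "bs")
    except sqlite3.Error:
        # SQLite (and standard SQL) treat \ as an ordinary character, so the
        # string literal ends at the quote and the rest of the value is a syntax error.
        results["backslash"] = None
    insert_by_concat(conn, "dq", value, sql_quote)
    results["doubled"] = fetch(conn, "dq")
    insert_parameterized(conn, "pq", value)
    results["param"] = fetch(conn, "pq")
    return results


if __name__ == "__main__":
    print(demo())
```

Some engines (MySQL in its default SQL mode, for one) do accept backslash escapes, which is why a generic escape() routine can appear to work on one database and break on another; doubling the quote is the portable form, and binding parameters removes the quoting question from application code altogether.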