How do I sanitize a string for database query?
ddos via Digitalmars-d-learn
digitalmars-d-learn at puremagic.com
Tue Jul 21 11:55:52 PDT 2015
On Tuesday, 21 July 2015 at 17:58:55 UTC, Gary Willoughby wrote:
> On Tuesday, 21 July 2015 at 17:23:30 UTC, ddos wrote:
>> How do I sanitize a string for database query?
>> Is there some builtin function?
>>
>> thx :)
>
> Use prepared statements instead.
>
> https://en.wikipedia.org/wiki/Prepared_statement

Thx for reminding me of prepared statements.
This is OK for preventing an SQL injection I guess, but still my
insert would fail.
Maybe I should have specified what I want to achieve:
I have a plugin for a Call of Duty game server. This plugin is
able to ban players from the server by inserting name/IP/etc.
into an SQL database. It is a priority that the insert never fails.
E.g. the name could contain a ' which lets my insert fail.
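
An added example, not part of the original message: it inserts constructed player names, some containing a ', once by pasting them into the SQL text and once through a statement with bound parameters. Python's sqlite3 module, the `bans` table and all function names are assumptions, since the thread names no database or driver.

```python
import sqlite3

def make_db():
    """In-memory SQLite database with a hypothetical bans table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bans (name TEXT NOT NULL, ip TEXT NOT NULL)")
    return db

def ban_concat(db, name, ip):
    """Fragile form: the player name is pasted into the SQL text."""
    sql = "INSERT INTO bans (name, ip) VALUES ('" + name + "', '" + ip + "')"
    try:
        db.execute(sql)
        return True
    except sqlite3.Error:
        return False  # a ' in the name ended the string literal early

def ban_bound(db, name, ip):
    """Prepared form: the SQL text is fixed, values travel as bound parameters."""
    db.execute("INSERT INTO bans (name, ip) VALUES (?, ?)", (name, ip))
    return True

# Constructed sample data (names and documentation-range IPs are made up).
SAMPLE_PLAYERS = [
    ("plain", "203.0.113.10"),
    ("O'Neil", "203.0.113.11"),
    ("noob'", "203.0.113.12"),
    ('say "hi" 100%', "203.0.113.13"),
]

def run_demo():
    """Insert every sample player both ways and report what happened."""
    concat_db, bound_db = make_db(), make_db()
    concat_ok = [ban_concat(concat_db, n, ip) for n, ip in SAMPLE_PLAYERS]
    bound_ok = [ban_bound(bound_db, n, ip) for n, ip in SAMPLE_PLAYERS]
    rows = bound_db.execute("SELECT name FROM bans ORDER BY rowid")
    stored = [row[0] for row in rows]
    return concat_ok, bound_ok, stored

if __name__ == "__main__":
    concat_ok, bound_ok, stored = run_demo()
    print("concatenated inserts succeeded:", concat_ok)
    print("bound-parameter inserts succeeded:", bound_ok)
    print("names stored via bound parameters:", stored)
```

With bound parameters the name is never parsed as SQL, so the stored value is byte-for-byte the name the player used.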