How do i sanitize a string for database query?

Gary Willoughby via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Tue Jul 21 12:10:08 PDT 2015


On Tuesday, 21 July 2015 at 18:55:53 UTC, ddos wrote:
> On Tuesday, 21 July 2015 at 17:58:55 UTC, Gary Willoughby wrote:
>> On Tuesday, 21 July 2015 at 17:23:30 UTC, ddos wrote:
>>> How do i sanitize a string for database query?
>>> Is there some builtin function?
>>>
>>> thx :)
>>
>> Use prepared statements instead.
>>
>> https://en.wikipedia.org/wiki/Prepared_statement
>
> thx for reminding me of prepared statements
> this is ok for preventing an SQL injection I guess, but still 
> my insert would fail.
> maybe I should have specified what I want to achieve:
>
> I have a plugin for a Call of Duty game server; this plugin is 
> able to ban players from the server by inserting name/ip/etc.. 
> into an SQL database. It is a priority that the insert never 
> fails, e.g. the name could contain a ' which makes my insert fail.

Prepared statements handle this just fine. In fact, that's why 
they exist: to handle this case.
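
The failure mode described in the thread and the fix, as an added example that is not from this mailing list post; it uses Python's sqlite3 module as a stand-in for the poster's D setup, with a constructed bans table and a constructed sample ban whose name contains a single quote:

```python
import sqlite3

# Constructed sample row: a player name containing a single quote,
# the exact case the thread says makes a naive INSERT fail.
SAMPLE_BAN = {"name": "O'Brien", "ip": "203.0.113.7", "reason": "wallhack"}


def open_db() -> sqlite3.Connection:
    """In-memory SQLite database with a constructed bans table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE bans (id INTEGER PRIMARY KEY, name TEXT NOT NULL, "
        "ip TEXT NOT NULL, reason TEXT)"
    )
    return conn


def insert_ban_concat(conn: sqlite3.Connection, ban: dict) -> bool:
    """Naive string building: the ' in the name ends the SQL literal early.
    Returns True if the row was stored, False if the statement failed."""
    sql = (
        "INSERT INTO bans (name, ip, reason) VALUES ('"
        + ban["name"] + "', '" + ban["ip"] + "', '" + ban["reason"] + "')"
    )
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.OperationalError:
        # Syntax error near "Brien": the insert fails, which is exactly
        # what the original poster wants to avoid.
        return False


def insert_ban_prepared(conn: sqlite3.Connection, ban: dict) -> bool:
    """Prepared (parameterised) statement: values are bound by the driver,
    never spliced into the SQL text, so any character is stored verbatim."""
    conn.execute(
        "INSERT INTO bans (name, ip, reason) VALUES (?, ?, ?)",
        (ban["name"], ban["ip"], ban["reason"]),
    )
    conn.commit()
    return True


def stored_names(conn: sqlite3.Connection) -> list:
    """Names currently in the bans table, to check what actually got stored."""
    return [row[0] for row in conn.execute("SELECT name FROM bans ORDER BY id")]
```

With the same input, the concatenated statement fails and stores nothing, while the prepared statement stores `O'Brien` unchanged, so there is no string to "sanitize" in the first place.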
