Wednesday, May 7, 2014

Clean strings in pass through SQL in Dexterity

There's a built-in function called SQL_FormatStrings() that escapes the single quotes in a string and then adds single quotes around the string. This is not in any of the Dex documentation, I found.

This is absolutely necessary when using raw SQL strings in any application. For one, if you're like me you'll forget to add the damn single quotes around the string. Second, it prevents SQL injection attacks.
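To make that concrete, here is an added Python example; it is not Dex code and not from the original post. `sql_format_strings` is an assumed re-implementation of only what the post says SQL_FormatStrings() does (double every embedded single quote, then wrap the result in single quotes); the customer table, its rows and the three lookup functions are constructed for the example. Run against an in-memory SQLite database, it shows both problems the post describes, the forgotten quotes and the injected input, and what the helper does to each.

```python
import sqlite3

# Constructed sample data (not from the original post).
ROWS = [("1", "O'Brien"), ("2", "Smith"), ("3", "Lee")]


def sql_format_strings(value: str) -> str:
    """Assumed re-implementation of the behaviour the post attributes to
    Dexterity's SQL_FormatStrings(): double embedded single quotes, then wrap
    the whole thing in single quotes so it is a complete SQL string literal."""
    return "'" + value.replace("'", "''") + "'"


def _connection() -> sqlite3.Connection:
    """Fresh in-memory database with the constructed rows loaded."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id TEXT, name TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", ROWS)
    return conn


def lookup_unsafe(name: str) -> list:
    """Raw concatenation with hand-typed quotes: a quote inside `name`
    terminates the literal, so the input can change the query's meaning."""
    sql = "SELECT id FROM customers WHERE name = '" + name + "'"
    return [row[0] for row in _connection().execute(sql)]


def lookup_formatted(name: str) -> list:
    """Same query built with the escaping helper: the input stays one literal
    and the quotes can never be forgotten because the helper adds them."""
    sql = "SELECT id FROM customers WHERE name = " + sql_format_strings(name)
    return [row[0] for row in _connection().execute(sql)]


def lookup_parameterized(name: str) -> list:
    """Parameter binding: the driver never splices the value into the SQL text."""
    conn = _connection()
    cursor = conn.execute("SELECT id FROM customers WHERE name = ?", (name,))
    return [row[0] for row in cursor]


def unsafe_query_breaks(name: str) -> bool:
    """True when raw concatenation of `name` yields SQL that does not even parse
    (the 'O'Brien' case: an unescaped quote in ordinary data)."""
    try:
        lookup_unsafe(name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    probe = "x' OR '1'='1"
    print("formatted literal:", sql_format_strings("O'Brien"))
    print("unsafe query breaks on O'Brien:", unsafe_query_breaks("O'Brien"))
    print("unsafe lookup with probe:", lookup_unsafe(probe))
    print("formatted lookup with probe:", lookup_formatted(probe))
    print("parameterized lookup with probe:", lookup_parameterized(probe))
```

The escaping helper only protects a value that lands inside a single-quoted string literal; it does nothing for numbers, identifiers or other positions in the statement, and it trusts that the server's quoting rules match the doubling convention. Where the platform lets you bind parameters, the third function is the safer default; where you are stuck building raw SQL strings, as the post describes, running every string value through the helper is the minimum.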
