On Fri, Dec 11, 2009 at 11:18 PM, Robert Weiss <b...@dcxchol.com> wrote:
> Here's a snippet of code I've been using that satisfies some, but not all, of 
> the problems that people have mentioned:
>
> local l_null = {}
>
> local function dbfs(s)
>   local x
>   if s==nil or s==l_null then return 'NULL' end
>   if type(s)=='string' then return "'"..string.gsub(s,"'","''").."'" end
>   if type(s)=='boolean' then return s and 1 or 0 end
>   return s
> end

This is not enough IMO.
mysql_real_escape_string() escapes characters like NUL (ASCII 0), \n,
\r, \, ', ", and Control-Z. I also think it takes your encoding into
account.
The right solution is to use what your database driver provides.

-- 
Bertrand Mansion
Mamasam
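
An added example, not part of either message and not Kepler or driver code: it compares the quote-doubling approach with escaping the characters the reply lists, using a small scanner that models how MySQL reads a string literal when backslash escapes are enabled (its default). The names `quote_doubling`, `escape_listed` and `literal_end` are hypothetical, the sample values are constructed, and `escape_listed` is a byte-level model only; real code should call the escape function of the database driver.

```lua
-- Approach from the quoted snippet: only single quotes are doubled.
local function quote_doubling(s)
  return "'" .. (s:gsub("'", "''")) .. "'"
end

-- Model of the character set listed in the reply: NUL, \n, \r, \, ', ", Control-Z.
-- It is not charset-aware, which is one reason to use the driver's function instead.
local map = {
  ["\0"] = "\\0", ["\n"] = "\\n", ["\r"] = "\\r", ["\\"] = "\\\\",
  ["'"] = "\\'", ['"'] = '\\"', ["\26"] = "\\Z",
}
local function escape_listed(s)
  -- "." matches every byte; bytes without a map entry are left unchanged
  return "'" .. (s:gsub(".", map)) .. "'"
end

-- Returns the index of the quote that closes the literal starting at sql[1],
-- or nil if the literal is never closed (backslash-escape mode assumed).
local function literal_end(sql)
  local i = 2
  while i <= #sql do
    local c = sql:sub(i, i)
    if c == "\\" then
      i = i + 2                      -- backslash consumes the next character
    elseif c == "'" then
      if sql:sub(i + 1, i + 1) == "'" then
        i = i + 2                    -- '' is an escaped quote
      else
        return i                     -- closing quote
      end
    else
      i = i + 1
    end
  end
  return nil
end

-- Constructed sample values: an ordinary apostrophe and a path ending in a backslash.
for _, value in ipairs({ "it's", "C:\\logs\\" }) do
  for name, quote in pairs({ doubling = quote_doubling, listed = escape_listed }) do
    local lit = quote(value)
    -- A safe literal closes exactly at its last character.
    print(name, lit, literal_end(lit) == #lit and "closed at end" or "NOT closed at end")
  end
end
```

A value that ends in a backslash leaves the quote-doubled literal unterminated, so whatever follows it in the statement is read as part of the string; the version that also escapes the backslash closes where intended.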

_______________________________________________
Kepler-Project mailing list
Kepler-Project@lists.luaforge.net
http://lists.luaforge.net/cgi-bin/mailman/listinfo/kepler-project
http://www.keplerproject.org/
