sqlite_escape_string
Escapes a string for use as a query parameter.
Syntax
$sqlite_escape_string ( string )
|
Parameters
string
The string to escape.
Return Value
Escaped string.
Remarks
$sqlite_escape_string escapes the specific string so that it can be used safely in queries.You should always call $sqlite_escape_string on user input to avoid SQL injection.
Example
var %str = $?="Input a string:"
var %sql = INSERT INTO table (value) VALUES (' $+ $sqlite_escape_string(%str) $+ ') ; %sql can now be safely executed |