

lua-mysql: How to escape values for SQL query


local mysql = require "luasql.mysql"
local pool = mysql.mysql()
local db = pool:connect('test', 'usr', 'pwd')

local sql = string.format("SELECT * FROM test WHERE name = '%s'", db:escape("Don'T"))
db:execute(sql)
require "luasql.mysql"

loads the LuaSQL MySQL driver module used to work with the database

mysql.mysql()

creates the MySQL driver environment object, from which connections are opened

pool:connect

connects to the MySQL server using the specified database name and credentials

db:execute

executes the given query

string.format

the format function is used to build the final SQL with the escaped value

'%s'

placeholder, inside the single quotes, where the escaped value is inserted

db:escape

escapes the specified value (using the native MySQL method)

("Don'T")

the value to escape (unsafe in our case, because it contains a single quote)


Usage example

local mysql = require "luasql.mysql"
local pool = mysql.mysql()
local db = pool:connect('test', 'usr', 'pwd')

local sql = string.format("SELECT * FROM test WHERE name = '%s'", db:escape("Don'T"))
db:execute(sql)

print(sql)
Output:
SELECT * FROM test WHERE name = 'Don\'T'
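
The same escaping applied to several values of different types, as an added example that is not part of the original page. It goes beyond the single-string case above: every string is escaped with the connection's escape method and wrapped in quotes, numbers are checked, and nil becomes NULL. The names quote, bind and stub are hypothetical, and stub is a constructed stand-in for the connection so the example runs without a MySQL server.

```lua
-- Added example; quote, bind and stub are hypothetical names, not LuaSQL API.
-- Assumption: the template contains no literal '?' of its own.
local function quote(conn, v)
  local t = type(v)
  if t == "nil" then return "NULL" end
  if t == "boolean" then return v and "1" or "0" end
  if t == "number" then
    -- NaN and +/-inf have no SQL literal, so refuse them
    if v ~= v or v == math.huge or v == -math.huge then
      error("cannot bind a non-finite number")
    end
    return tostring(v)
  end
  if t == "string" then
    -- escaping only protects a value that ends up inside quotes
    return "'" .. conn:escape(v) .. "'"
  end
  error("cannot bind a value of type " .. t)
end

local function bind(conn, sql, ...)
  local args, n, i = { ... }, select("#", ...), 0
  -- a function replacement is inserted verbatim (no '%' processing by gsub)
  local out = sql:gsub("%?", function()
    i = i + 1
    if i > n then error("more placeholders than values") end
    return quote(conn, args[i])
  end)
  if i < n then error("more values than placeholders") end
  return out
end

-- Constructed stand-in so the example runs without a server; it only mimics
-- the quote and backslash handling. Pass the real connection (db) instead.
local stub = {
  escape = function(_, s) return (s:gsub("[\\'\"]", "\\%0")) end,
}

print(bind(stub, "SELECT * FROM test WHERE name = ? AND id = ?", "Don'T", 7))
-- a string bound where a number was expected still lands inside quotes
print(bind(stub, "SELECT * FROM test WHERE id = ?", "7 OR 1=1"))
print(bind(stub, "UPDATE test SET note = ? WHERE id = ?", nil, 7))
```

With a live connection, call bind(db, ...) and pass the returned string to db:execute.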