Escaping a string for SQL

Can someone paste me a code snippet that properly escapes/filters a string for safe usage with MySQL?
I don’t want to take any risks and find my database SQLi’d. :wink:

Thanks.

Use this: **[Sql.SQLStr](http://wiki.garrysmod.com/?title=Sql.SQLStr)**!

Ah awesome!
Is that 100% safe?

It comes with the SQLite module, so it should be safe.

The MySQL modules all have an escape function too. But if you’re using SQLite, use that.

Escaping a string really just escapes characters that retards try and use to SQLInject, so yeah it should be safe. However, you have other security threats too, look into security methods for SQL databases.
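
How the `sql.SQLStr` suggestion from this thread looks in use, as an added example that is not code from any poster here. It assumes Garry's Mod server-side Lua with the built-in SQLite `sql` library; the table name and the `Run`, `SaveNote`, `LoadNote` and `RecentNotes` helpers are hypothetical. With a MySQL module, that module's own escape function takes the place of `sql.SQLStr`.

```lua
-- Added example: names below (example_notes, Run, SaveNote, ...) are hypothetical.
local TABLE = "example_notes"

-- sql.Query returns false on error, nil when there are no rows, else a table of rows.
local function Run(query)
    local result = sql.Query(query)
    if result == false then
        error("SQL error: " .. tostring(sql.LastError()) .. " in: " .. query)
    end
    return result
end

Run("CREATE TABLE IF NOT EXISTS " .. TABLE .. " (steamid TEXT PRIMARY KEY, note TEXT)")

local function SaveNote(steamid, note)
    -- sql.SQLStr escapes the value AND wraps it in quotes,
    -- so the query text must not add quotes of its own.
    Run(string.format("REPLACE INTO %s (steamid, note) VALUES (%s, %s)",
        TABLE, sql.SQLStr(steamid), sql.SQLStr(note)))
end

local function LoadNote(steamid)
    local rows = Run("SELECT note FROM " .. TABLE ..
        " WHERE steamid = " .. sql.SQLStr(steamid))
    return rows and rows[1].note or nil
end

local function RecentNotes(limit)
    -- String escaping does not protect a value used as a number:
    -- coerce it to an integer and clamp it instead of concatenating raw input.
    local n = math.floor(tonumber(limit) or 0)
    n = math.max(1, math.min(n, 50))
    return Run("SELECT steamid, note FROM " .. TABLE .. " LIMIT " .. n) or {}
end

-- Constructed sample input containing quote characters and SQL syntax.
local hostile = "x'); DROP TABLE example_notes; --"
SaveNote("STEAM_0:0:1", hostile)

-- The text must come back byte-for-byte as data, and the table must still exist.
assert(LoadNote("STEAM_0:0:1") == hostile, "value did not round-trip")
assert(sql.TableExists(TABLE), "table is missing")
assert(#RecentNotes("not a number") >= 1, "limit was not sanitised")
```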