saving/retrieving punctuation into sql

Hi all, as the title says, how would I accept input from a player that includes punctuation, save it to sql, and then display it without losing any of the punctuation or formatting? Currently, any punctuation seems to stop SQL from saving the value. Can I save line breaks entered in a multiline DTextEntry as well?

Thanks

Escape the string before inserting

the question I was asking was “how”

He did tell you how.

sql.SQLStr( sString, bNoQuotes )

Edit: ninja :v:

I thought this just removed the dis-allowed punctuation from the string? I want them to be kept

No, it escapes them…

I don’t think he understands what this means…

For sake of simplicity, the general concept of escaping, selfdestruk1, is to make a string safe to run in a query or anywhere else it may be volatile. It doesn’t remove anything.

That’s what I thought :S But when I retrieve the value from sql and display it (on a panel, with DLabel) it appears something like this:

What’s your name?
It’s Sally!

[LUA]
-- Strip any backslashes from the stored text before displaying it
local str = "What's your name?\nIt's Sally!"
str = str:gsub( "\\", "" )
print( str )
[/LUA]

WOW and the whole time, the guy I was working with was entering slashes on purpose just to dick with me. xD Thanks anyways lol

Just for clarification; escaping means that you can’t do something like this: '; DELETE * FROM table --

where '; ends the current query prematurely, and DELETE * FROM table removes everything from a table, and -- comments out the rest of the query. That’s an example, you could also remove the entire database this way, just by trusting user-input when it comes to querying.

Sorry to reopen an old thread, but I’m still having issues with this. Obviously I’m running my strings through sql.SQLStr(string) but it doesn’t seem to have any effect. If I enter a string such as “don’t” it causes an SQL syntax error due to the apostrophe.

I gave it a shot using string.Explode and then string.Implode with ’ as the separator to remove it from the string but now the ’ is showing up twice? (Like: “don’'t”). These strings are being inserted into a table that I’m saving as a table-to-json into SQL, at the moment (aside from punctuation causing issues) it works well and I’d like to preserve that functionality.

I’ve also done a search and can’t find any information at all about how Lua handles punctuation within strings (I’m not talking about for use with SQL here). Does it change punctuation entered into DTextEntries at all or is everything preserved?

What is your code?

This should work just fine. Are you trying to escape like this?

This will likely give you errors in some cases. sql.SQLStr likes to stick single quotes around strings. It has a second parameter to disable the single quotes. (As shown with Rejax’s post)

To change the string, I’ve got:

[LUA]
if isstring(value) then
	-- second argument true: escape without adding the surrounding single quotes
	value = sql.SQLStr(value, true)
end
[/LUA]

This is changing the values in a table, which is then converted to a JSON string. Then the string is put into the query:

[LUA]
--get the supplied table and turn it into a JSON string
local insert_string = util.TableToJSON(insert_table)
local query = "INSERT INTO futurplay (value0) VALUES ('" .. insert_string .. "')"
[/LUA]

Hi all

I’m no longer putting the string into a JSON, rather I’m doing the above code to SQLStr it, then doing:

[LUA]
eg = "INSERT INTO " .. table .. " value1 VALUES ('" .. string .. "')"
[/LUA]

But the query still fails if there’s apostrophes or double quotes in the string. What’s the go, why won’t this work? Is it buggy or do I need to do it differently?
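
Added example, not code from any poster in this thread: one way to store player text and read it back in Garry's Mod with sql.SQLStr, escaping the finished JSON string once, right before it goes into the query, and letting sql.SQLStr supply the surrounding quotes. The table and column names and the injection-style string are the ones from the posts above; the helper names SaveValue and LoadLatestValue and the sample greeting are constructed for illustration, and the code assumes it runs server-side in GMod, whose built-in sql library is SQLite.

```lua
-- Added example (GLua). SaveValue / LoadLatestValue are hypothetical helper names.
sql.Query( "CREATE TABLE IF NOT EXISTS futurplay ( value0 TEXT )" )

local function SaveValue( insert_table )
	-- 1. Serialise the untouched values; do not escape them one by one first.
	local json = util.TableToJSON( insert_table )

	-- 2. Escape the finished string once. Without the second argument,
	--    sql.SQLStr returns the value already wrapped in single quotes,
	--    so the query text must not add quotes of its own.
	local query = "INSERT INTO futurplay ( value0 ) VALUES ( " .. sql.SQLStr( json ) .. " )"

	-- sql.Query returns false on failure; sql.LastError() holds the reason.
	if sql.Query( query ) == false then
		ErrorNoHalt( "futurplay insert failed: " .. sql.LastError() .. "\n" )
		return false
	end
	return true
end

local function LoadLatestValue()
	-- This statement contains no user input, so there is nothing to escape.
	local json = sql.QueryValue( "SELECT value0 FROM futurplay ORDER BY rowid DESC LIMIT 1" )
	if not json then return nil end
	return util.JSONToTable( json )
end

-- Constructed sample: apostrophes, double quotes, a line break, and the
-- injection-style string quoted earlier in the thread.
local sample = {
	greeting = "What's your name?\nIt's \"Sally\"!",
	hostile = "'; DELETE * FROM table --",
}

if SaveValue( sample ) then
	local loaded = LoadLatestValue()
	-- Both comparisons check that the text came back character for character.
	print( "greeting preserved:", loaded.greeting == sample.greeting )
	print( "hostile text stored as data:", loaded.hostile == sample.hostile )
end
```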