| Parameter | Description |
|---|---|
| sSQL | The original, unescaped string |
Returns: An escaped version of the string

| Syntax | Function SQLEscapedStr String sSQL Returns String |
|---|---|
| Call | Get SQLEscapedStr sSQL to StringVariable |

SQLEscapedStr converts a string into an "escaped" string that is better suited for use in SQL statements.
It replaces each single quote with two single quotes, so that the value can be embedded in a quoted SQL string literal without terminating it, which helps protect against SQL injection. This is handy when creating SQL statements that are defined in psSQLFilter and is particularly useful if you, as the programmer, do not have full control over the content of this filter string. This might happen if the filter is created by the end user or stored in a database.
```dataflex
// Sample: when the value of a filter control changes, escape it before
// using it as the SQL filter of the control's data dictionary (DDO).
Procedure OnChange
    Handle hoDDO
    String sValue

    Get Server to hoDDO                          // the DDO this control is bound to
    Get Value to sValue                          // the raw, unescaped user input
    Get SQLEscapedStr of hoDDO sValue to sValue  // double every embedded single quote
    Set psSQLFilter of hoDDO to sValue
End_Procedure
```
Note that a string should be escaped only once: applying SQLEscapedStr to an already escaped string doubles the quotes again.
Do not call SQLEscapedStr when setting SQLStrLike, because SQLStrLike already calls this function.
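As an added example that is not part of the DataFlex documentation, the following Python code models the quote doubling SQLEscapedStr performs and then parses the resulting filter clause to show why a value must be escaped exactly once; the function names and the Customer.Name column are assumptions.

```python
# Added example (not from the DataFlex documentation): a Python model of the
# quote doubling SQLEscapedStr performs, plus a small literal parser that shows
# why a value must be escaped exactly once. Names are assumptions.

def sql_escaped_str(s_sql: str) -> str:
    """Mirror SQLEscapedStr: every single quote becomes two single quotes,
    so the value can sit inside a single-quoted SQL literal."""
    return s_sql.replace("'", "''")

def build_name_filter(user_value: str, escape: bool = True) -> str:
    """Build a psSQLFilter-style clause from end-user input.
    escape=False is the unsafe form the documentation warns against."""
    value = sql_escaped_str(user_value) if escape else user_value
    return f"Customer.Name = '{value}'"

def string_literals(clause: str) -> list[str]:
    """Return the decoded single-quoted literals found in a SQL clause.
    A doubled quote inside a literal decodes to one quote; a bare quote
    ends the literal. A filter built from one properly escaped value
    yields exactly one literal equal to the original input; an unescaped
    or double-escaped value shows up as extra literals or altered text."""
    literals: list[str] = []
    i, n = 0, len(clause)
    while i < n:
        if clause[i] != "'":
            i += 1
            continue
        i += 1  # skip the opening quote
        buf: list[str] = []
        while i < n:
            if clause[i] == "'":
                if i + 1 < n and clause[i + 1] == "'":
                    buf.append("'")  # '' is an escaped quote
                    i += 2
                    continue
                i += 1  # closing quote
                break
            buf.append(clause[i])
            i += 1
        literals.append("".join(buf))  # unterminated literal kept as-is
    return literals

if __name__ == "__main__":
    raw = "O'Brien"
    print(string_literals(build_name_filter(raw)))                   # ["O'Brien"]
    print(string_literals(build_name_filter(raw, escape=False)))     # ['O', '']
    print(string_literals(build_name_filter(sql_escaped_str(raw))))  # ["O''Brien"]
```

The second call shows the unescaped quote splitting the clause into two literals, and the third shows the stored value gaining an extra quote when escaping is applied twice.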