SQL_Format

Parameters:
  string Type_ID
  any Value
  int Clip_Length (optional)
Returns:
  string


Takes any input value together with its type and formats it for direct substitution into a SQL string. For instance, character values have their quotes escaped and are then surrounded by single quotes; numerics are returned as-is; dates are formatted; and so forth.

The optional third parameter specifies a maximum length for character and varchar fields. If it is non-zero, the value will be clipped to that length.

If you use this command for every value received from the browser when you build SQL queries, then your code will be safe from SQL injection attacks. All framework commands that build queries pass every literal supplied to them through this command.
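The following is an added illustration, written in Python for this page, of the per-type formatting described above; it is not the framework's own code. The type ids (char, varchar, int, numb, date), doubling of single quotes as the escape mechanism (the ANSI SQL convention), and the build_insert helper are all assumptions, since the page does not state the framework's type names or escaping method.

```python
from datetime import date, datetime
from decimal import Decimal, InvalidOperation

# Assumed type ids for this example; the real framework's names may differ.
CHAR_TYPES = {"char", "varchar", "text"}
NUMERIC_TYPES = {"int", "numb", "money"}
DATE_TYPES = {"date"}


def sql_format(type_id: str, value, clip_length: int = 0) -> str:
    """Return `value` as a SQL literal suitable for direct substitution."""
    if value is None:
        return "NULL"
    t = type_id.lower()
    if t in CHAR_TYPES:
        s = str(value)
        if clip_length > 0:              # optional clip to the column width
            s = s[:clip_length]
        # ANSI SQL escaping: double every embedded single quote, then quote.
        return "'" + s.replace("'", "''") + "'"
    if t in NUMERIC_TYPES:
        # Numerics are emitted unquoted, so they are parsed and re-emitted,
        # never passed through as raw browser text.
        try:
            d = Decimal(str(value).strip())
        except InvalidOperation:
            raise ValueError(f"{value!r} is not a valid {type_id}") from None
        if not d.is_finite():            # reject NaN / Infinity as literals
            raise ValueError(f"{value!r} is not a finite {type_id}")
        return str(d)
    if t in DATE_TYPES:
        d = value if isinstance(value, (date, datetime)) else date.fromisoformat(str(value))
        return "'" + d.strftime("%Y-%m-%d") + "'"
    raise ValueError(f"unknown Type_ID {type_id!r}")


def build_insert(table: str, columns) -> str:
    """columns: iterable of (name, type_id, value, clip_length).
    Every literal goes through sql_format. Table and column names are
    identifiers, not literals, so they must come from trusted metadata."""
    names = ", ".join(name for name, _, _, _ in columns)
    vals = ", ".join(sql_format(t, v, c) for _, t, v, c in columns)
    return f"INSERT INTO {table} ({names}) VALUES ({vals})"


if __name__ == "__main__":
    # Constructed browser input that tries to break out of the string literal.
    cols = [("name", "varchar", "O'Brien'); DROP TABLE users; --", 20),
            ("age", "int", " 42 ", 0),
            ("joined", "date", "2024-03-01", 0)]
    print(build_insert("users", cols))
```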
