SEARCH:
Documentation
Framework API Reference
Specialized SQL Commands
Previous: rowsForSelect Next: tsFromAny

sqlFormat

string type
any Value
int Clip_Length
string


Takes any input value and type and formats it for direct substitution into a SQL string. So for instance character values are escaped for quotes and then surrounded by single quotes. Numerics are returned as-is, dates are formatted and so forth.

The optional third parameter specifies a maximum length for character and varchar fields. If it is non-zero, the value will be clipped to that length.

If you use this command for every value received from the browser when you build SQL queries, then your code will be safe from SQL Injection attacks. All framework commands that build queries use this command for all literals provided to them.

Previous: rowsForSelect Next: tsFromAny