Tag Link | [Encode_SQL] | Category | Encoding |
---|---|---|---|
Type | Substitution | Source Available | No |
Support | Preferred | Version | 6.0 |
Change | Unchanged | Data Source | Any |
Output Type | String | Security | Tag |
Implementation | LCAPI | Sets | Lasso 8.5, Lasso 8.0, Lasso 7.0, Lasso 6.0 |
[Encode_SQL] encodes any characters which are reserved in MySQL SQL statements by placing a backslash before them. To help prevent SQL injection attacks, this tag should be used around any visitor-supplied values which are concatenated into a statement for an inline
Values passed to other inline actions such as
This tag should be used around each individual value within a MySQL SQL statement. It cannot be used on an entire SQL statement.
[Encode_SQL: 'String Parameter']
[Inline:
(Encode_SQL: 'String Parameter') + '\';']
...
[/Inline]
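Why the tag has to wrap each value and not the whole statement, shown as an added Python model (not Lasso code and not taken from the Lasso documentation). `encode_sql` is a stand-in that assumes only backslash, single quote and double quote are escaped; the `people` table, the `last_name` column and the lexer are constructed for the illustration.

```python
# Model of the backslash escaping described for [Encode_SQL]; not Lasso's code.
# Assumption: only backslash, single quote and double quote are modelled.
RESERVED = ("\\", "'", '"')
PREFIX = "SELECT * FROM people WHERE last_name = '"  # constructed query


def encode_sql(value):
    """Place a backslash before each modelled reserved character."""
    return "".join("\\" + ch if ch in RESERVED else ch for ch in value)


def build(value, mode):
    """Assemble the statement with no, per-value or whole-statement encoding."""
    if mode == "raw":
        return PREFIX + value + "';"
    if mode == "per_value":
        return PREFIX + encode_sql(value) + "';"
    if mode == "whole":
        return encode_sql(PREFIX + value + "';")
    raise ValueError("unknown mode: " + mode)


def string_literals(statement):
    """Return decoded single-quoted literals; raise ValueError if malformed."""
    literals, current, i = [], None, 0
    while i < len(statement):
        ch = statement[i]
        if current is None:  # outside any literal
            if ch == "\\":
                raise ValueError("backslash outside a string literal")
            if ch == "'":
                current = []
        elif ch == "\\":  # escape: take the next character verbatim
            if i + 1 == len(statement):
                raise ValueError("dangling backslash")
            i += 1
            current.append(statement[i])
        elif ch == "'":  # closing quote ends the literal
            literals.append("".join(current))
            current = None
        else:
            current.append(ch)
        i += 1
    if current is not None:
        raise ValueError("unterminated string literal")
    return literals
```

With per-value encoding the visitor's input comes back as exactly one string literal; with no encoding it splits into several literals with SQL between them, and encoding the whole statement escapes the statement's own delimiting quotes so it no longer parses.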
Required Parameters | |
---|---|
String Value | The string value to be encoded. |
See the Lasso 8 Language Guide for examples of how to use this tag.