STRING::ESCAPE_SQL_TABLE 1g 2023-11-12 laplante@plcb.ca GOWEB/STRING — Validate and Escape SQL Table Names


title: "STRING::ESCAPE_SQL_TABLE"
version: "1.0.0"
date: 2023-11-12
author: "laplante@plcb.ca"
section: "1g"
category: "GOWEB/STRING"


Name

string::escape_sql_table - Validate and Escape SQL Table Names

Synopsis

string::escape_sql_table(string [, error: variable])
escape_sql_table(string [, error: variable])
string::escapeSqlTable(string [, error: variable])
escapeSqlTable(string [, error: variable])

Description

The escape_sql_table function validates that a string is a valid SQL table name and returns it if valid. If the string contains invalid characters, it sets the provided error variable and returns null.

A valid SQL table name must match the following regular expression:

^[a-zA-Z0-9_]+$

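This ensures the name contains only letters, digits, and underscores.

Because a rejected name yields null, check the error variable before concatenating the result into a statement. In the last line of the example below, the rejected name "a v" leaves the statement as 'select * from ', which is still sent to the database and fails there with a syntax error.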


Parameters


Examples

res={{
    escape_sql(dqq[['"? \n\r]]); "\n";
    escape_sql(dqq[[abcdef]]); "\n";
    escape_sql(dqq[[1'2]]); "\n";
    escape_sql(dqq[[1\\2]]); "\n";
    escape_sql(dqq[[abc search def]]); "\n";
    escape_sql_table(error:err, "a b "); err; "\n";
    escape_sql_table(error:err, "test"); err; "\n";
    sql(error: sqlerr, "select * from " + escape_sql_table(error:err, "a v")); sqlerr; "\n";
}};

Returns:

res = \'\"? \
\
abcdef
1\'2
1\\2
abc search def
string::escape_sql_table : this parameter 2 can't be use : string: "a b " invalid table name : a b
test
db::sql : error running sql 'select * from ': Error 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1
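
An added example, not part of GOWEB or of the original page: a Python re-implementation of the same allowlist check, written so that a rejected name stops the query instead of being concatenated as in the last line of the example above. The helper names, the sample table and the in-memory SQLite database are assumptions made for the illustration.

```python
import re
import sqlite3

# Same allowlist as the page: letters, digits and underscores only.
# fullmatch() is used because Python's "$" also matches before a trailing "\n".
TABLE_NAME = re.compile(r"[a-zA-Z0-9_]+")


def escape_sql_table(name):
    """Return (name, None) when valid, else (None, error message)."""
    if isinstance(name, str) and TABLE_NAME.fullmatch(name):
        return name, None
    return None, "invalid table name : %r" % (name,)


def select_all(conn, requested):
    """Query a caller-chosen table, refusing to build SQL on a failed check."""
    table, err = escape_sql_table(requested)
    if err is not None:
        # Fail closed: never concatenate the null result into the statement.
        raise ValueError(err)
    # Identifiers cannot be bound as parameters, so the validated name is
    # concatenated; values still go through "?" placeholders.
    return conn.execute("SELECT * FROM " + table).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")  # constructed sample database
    conn.execute("CREATE TABLE test (id INTEGER, label TEXT)")
    conn.execute("INSERT INTO test VALUES (?, ?)", (1, "row"))
    results = {}
    # Constructed inputs: the page's three names plus two edge cases.
    for candidate in ["test", "a b ", "a v", "test\n", ""]:
        try:
            results[candidate] = select_all(conn, candidate)
        except ValueError as exc:
            results[candidate] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(repr(name), "->", outcome)
```

Only "test" reaches the database; every other input raises before any SQL is built, including "test\n", which a `^...$` pattern applied with `re.match` would accept.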

Author


See Also


Version History