Skip to main content
Version: 7.9

escapeSQL

This function is used by Ignition's Expression language.

Description

Returns the given string with special SQL characters escaped. This is a fairly simplistic function - it just replaces single quotes with two single quotes, and backslashes with two backslashes. See system.db.runPrepUpdate for a much safer way to sanitize user input.

Syntax

escapeSQL(string)

  • Parameters

    • string string - The starting string.

  • Results

    • string - A string that has been formatted so that single quotes are replaced with two single quotes, and backslashes are replaced with two backslashes.

Examples

Code Snippet
"SELECT * FROM mytable WHERE option = '" + escapeSQL("Jim's Settings") + "'" // returns SELECT * FROM mytable WHERE option='Jim''s Settings'
Code Snippet
"SELECT * FROM mytable WHERE option = 'escapeSQL({Root Container.TextField.text}) + "'" //returns a query with sanitized user input from a text field.
Last updated on by ia-sshamgar