SQLite escape and unescape functions

SQLite escape and unescape functions Oct 11, 2007 14:52:03 GMT -5

Quote

Post by Brent on Oct 11, 2007 14:52:03 GMT -5

Before executing any query using user-entered text, you should escape it to prevent syntax errors in the SQL code or (worse) SQL injection by malicious people or scripts.

Code:

a$ = sqliteEscape$("''a's'd'f''")
b$ = sqliteUnescape$(a$)
print a$
print b$
end

Function sqliteEscape$( Text$ )
    i = InStr(Text$, "'")
    While i
        Text$ = Left$(Text$, i) + Mid$(Text$, i)
        i = InStr(Text$, "'", i + 2)
    Wend
    sqliteEscape$ = Text$
End Function

Function sqliteUnescape$( Text$ )
    i = InStr(Text$, "''")
    While i
        Text$ = Left$(Text$, i) + Mid$(Text$, i + 2)
        i = InStr(Text$, "''", i + 1)
    Wend
    sqliteUnescape$ = Text$
End Function