Escapes the given string to protect against SQL injection attacks.
By default it assumes that backslashes are not supported, as they are not part of the standard SQL spec. Quoting from the SQLite web site:

> C-style escapes using the backslash character are not supported because they are not standard SQL.

This means three things:

- `"` are not escaped by default
- `''` instead of `\'`
- `'backslash: \\'`

It is recommended to set the `backslashSupported` option `true` if your SQL engine supports it. In that case backslash sequences are escaped and single and double quotes are escaped via a backslash, i.e. `'\''`.

- (String) the original string to be used in a SQL query
- (Object) opts

Name | Description |
---|---|
`$0.backslashSupported` Boolean? (default `false`) | if `true` backslashes are supported |

(any)
String: the original string, escaped and wrapped in single quotes, i.e. `'mystring'`
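
The two escaping modes described above, written out as an added example (not the library's own code). `escapeSqlString`, `readLiteral` and `isSafeFor` are hypothetical names, backslash mode covers only the backslash and quote characters the description names, and `readLiteral` is a minimal stand-in for an engine's string lexer used to check that the escaped literal is read back as exactly one string.

```javascript
// Added illustration; all function names here are hypothetical.
function escapeSqlString(s, { backslashSupported = false } = {}) {
  if (typeof s !== 'string') throw new TypeError('expected a string');
  const body = backslashSupported
    ? s.replace(/[\\'"]/g, (c) => '\\' + c) // \ ' " each get a leading backslash
    : s.replace(/'/g, "''");                // standard SQL: only ' is special, doubled
  return "'" + body + "'";
}

// Minimal scanner standing in for the engine's lexer (constructed for this example).
// Reads the string literal starting at index 0 and returns { value, end },
// where `end` is the index just past the closing quote.
function readLiteral(sql, { backslashSupported = false } = {}) {
  if (sql[0] !== "'") throw new SyntaxError('literal must start with a quote');
  let value = '';
  for (let i = 1; i < sql.length; i++) {
    const c = sql[i];
    if (backslashSupported && c === '\\') {
      if (i + 1 >= sql.length) break;                // dangling backslash
      value += sql[++i];                             // escaped character
    } else if (c === "'") {
      if (sql[i + 1] === "'") { value += "'"; i++; } // doubled quote
      else return { value, end: i + 1 };             // closing quote
    } else {
      value += c;
    }
  }
  throw new SyntaxError('unterminated string literal');
}

// True when an engine with `engineOpts` reads the escaped literal as
// exactly one string whose value equals `input`.
function isSafeFor(input, escapeOpts, engineOpts) {
  const literal = escapeSqlString(input, escapeOpts);
  try {
    const { value, end } = readLiteral(literal, engineOpts);
    return end === literal.length && value === input;
  } catch {
    return false;
  }
}

// Constructed sample input: it's "a" \ test
const SAMPLE = 'it\'s "a" \\ test';
console.log(escapeSqlString(SAMPLE));
console.log(escapeSqlString(SAMPLE, { backslashSupported: true }));
console.log(isSafeFor(SAMPLE, {}, { backslashSupported: true }));
```

`isSafeFor` returns `false` whenever the `backslashSupported` option does not match how the engine treats backslashes, which is why the option has to follow the engine rather than the default.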