Lucee Function Reference
encodeforsql()
Encodes the given string for safe output in a query to reduce the risk of SQL Injection attacks. _This method is not recommended_ - the use of query parameters are strongly encouraged as a stronger alternative.
Example
encodeforsql(string string,string dialect,[boolean canonicalize]):string
Category
ESAPI,SQL,query
Arguments
The arguments for this function are set. You can not use other arguments except the following ones.
| Name | Type | Required | Default Value | Description |
|---|---|---|---|---|
| string | string | Yes | string to encode | |
| dialect | string | Yes |
SQL dialect used to encode, possible values are: * db2 * mysql_ansi * mysql * oracle |
|
| canonicalize | boolean | No | false | If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded. The default value for canonicalize is false. When this parameter is not specified, canonicalization will not happen. By default, when canonicalization is performed, both mixed and multiple encodings will be allowed. To use any other combinations you should canonicalize using canonicalize method and then do encoding. |