```lua
function escape_sqli(source)
  local to_replace   = {"'", '"'}
  -- Note: inside a Lua string literal "\'" is just ' and '\"' is just ",
  -- so these replacement values contain no backslash at all.
  local replace_with = {"\'", '\"'}
  local output = source
  for i = 1, #to_replace do   -- #t replaces the Lua 5.1-only table.getn(t)
    output = string.gsub(output, to_replace[i], replace_with[i])
  end
  return output
end
```
I tried to use the code above to escape SQLi, but when I try to compile it I get the following error:
Unfinished String near '"}'
Best answer
As it stands, there is no syntax error in the code.
Just a suggestion, though; from the string.gsub documentation:
string.gsub (s, pattern, repl [, n])
[...]
If repl is a table, then the table is queried for every match, using the first capture as the key.
You could simply recreate the replacement table like this:
```lua
local replacements = { ['"'] = '\\"', ["'"] = "\\'" }
```
and use it in a single gsub call:
```lua
function escape_sqli(source)
  local replacements = { ['"'] = '\\"', ["'"] = "\\'" }
  -- gsub returns (string, count); the parentheses drop the count so callers
  -- always get a single string.
  return (source:gsub( "['\"]", replacements )) -- or string.gsub( source, "['\"]", replacements )
end
```
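The following is an added example, not code from the question or the accepted answer. It builds on the table-driven gsub approach above in two ways a practitioner would want to see: the backslash is added to the escaped set (otherwise a backslash before a quote is left intact and the quote escaping can be undone), and a single-pass table replacement is contrasted with the original sequential loop, which double-escapes once backslashes are in the set. The replacement table and sample strings are constructed for this example; it assumes Lua 5.1 or later.

```lua
-- Added example (not from the original question or answer): single-pass,
-- table-driven escaping of quotes and backslashes with string.gsub.

-- Characters to escape and their escaped forms (constructed for this example).
local replacements = {
  ["'"]  = "\\'",    -- '  -> \'
  ['"']  = '\\"',    -- "  -> \"
  ["\\"] = "\\\\",   -- \  -> \\
}

-- Single pass: every character in the class ['"\] is looked up in the table.
-- Values taken from a table replacement are inserted literally, so a '%'
-- in the input or in a replacement value needs no special handling.
-- In a Lua pattern, '\' inside [...] is an ordinary character; '%' is the
-- pattern escape, so "['\"\\]" is exactly the class of ', " and \.
local function escape_sqli(source)
  return (source:gsub("['\"\\]", replacements))
end

-- The sequential approach from the question, extended with the backslash.
-- Each gsub call rescans the output of the previous one, so the backslash
-- inserted for a quote is itself escaped on the next pass (or vice versa),
-- and the result depends on the order of the table.
local function escape_sequential(source)
  local to_replace   = { "'",   '"',   "\\" }
  local replace_with = { "\\'", '\\"', "\\\\" }
  local output = source
  for i = 1, #to_replace do
    -- patterns/replacements here are plain text, so escape '%' for gsub
    local pat  = to_replace[i]:gsub("%W", "%%%0")
    local repl = replace_with[i]:gsub("%%", "%%%%")
    output = output:gsub(pat, repl)
  end
  return output
end

-- Constructed sample inputs.
local samples = {
  "O'Reilly",
  'say "hi"',
  "back\\slash then ' quote",
  "100% safe",
}

for _, s in ipairs(samples) do
  print(string.format("%-26s | single-pass: %-30s | sequential: %s",
    s, escape_sqli(s), escape_sequential(s)))
end
```

The single-pass version produces one backslash per escaped character regardless of input; the sequential version turns the third sample's `\` into `\\\\` because the backslash added for the quote is escaped again. Whichever escaping routine is used, it only protects the characters it knows about for the quoting rules of one SQL dialect, so a driver's parameterised query interface remains the primary control and escaping a secondary one.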
Regarding "string - Lua SQL escape string (attempt) Unfinished String near '"}'", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/28795538/