Version: 8.1

escapeSQL

This function is used by Ignition's Expression language.

Description

Returns the given string with special SQL characters escaped. This function only performs two substitutions: each single quote is replaced with two single quotes, and each backslash is replaced with two backslashes. It is therefore only meaningful for a value that will be placed inside a single-quoted string literal; it offers no protection for a value concatenated into an unquoted position (a number, a column name, an ORDER BY clause), and the backslash doubling matches databases that treat backslash as an escape character, which not all do. See system.db.runPrepUpdate for a safer way to handle user input: a prepared statement with ? placeholders sends the value separately from the query text, so no escaping is needed at all.

Syntax

escapeSQL(string)

  • Parameters

    • String string - The starting string.
  • Results

    • String - A string that has been formatted so that single quotes are replaced with two single quotes, and backslashes are replaced with two backslashes.

Examples

Code Snippet
"SELECT * FROM mytable WHERE option = '" + escapeSQL("Jim's Settings") + "'" // returns SELECT * FROM mytable WHERE option = 'Jim''s Settings'
Code Snippet
"SELECT * FROM mytable WHERE option = '" + escapeSQL({Root Container.TextField.text}) + "'" // returns a query in which the text field's value has its single quotes and backslashes doubled so it stays inside the quoted literal
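The following is an added example, not code from the Ignition documentation or product. Because the expression language cannot be run outside Ignition, it re-implements the two substitutions escapeSQL performs as a Python function (escape_sql, an assumed name) and runs the resulting queries against an in-memory SQLite table with constructed rows. It shows what the escaping does protect (a quoted string literal), what it does not (an unquoted numeric comparison), how the backslash doubling round-trips on a database that does not treat backslash as an escape, and the parameterized alternative that corresponds to the ? placeholders used by system.db.runPrepUpdate.

```python
import sqlite3


def escape_sql(value: str) -> str:
    """Python equivalent of the two substitutions escapeSQL performs:
    every backslash becomes two backslashes and every single quote
    becomes two single quotes. Nothing else in the string is changed."""
    return value.replace("\\", "\\\\").replace("'", "''")


# Constructed sample rows; the third value contains a literal backslash.
SAMPLE_ROWS = [
    ("Jim's Settings", 1),
    ("Default", 2),
    ("C:\\exports", 3),
]


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the 'mytable' table used on the page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (option TEXT, id INTEGER)")
    conn.executemany("INSERT INTO mytable VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def query_escaped(conn: sqlite3.Connection, option: str) -> list:
    """String concatenation exactly as in the page's examples, with the
    user value wrapped in single quotes after escaping."""
    sql = "SELECT id FROM mytable WHERE option = '" + escape_sql(option) + "'"
    return sorted(row[0] for row in conn.execute(sql))


def query_numeric_escaped(conn: sqlite3.Connection, id_text: str) -> list:
    """Same escaping, but the value lands in an unquoted numeric position.
    Quote doubling cannot help here because the attacker never needs a quote."""
    sql = "SELECT id FROM mytable WHERE id = " + escape_sql(id_text)
    return sorted(row[0] for row in conn.execute(sql))


def query_prepared(conn: sqlite3.Connection, option: str) -> list:
    """Parameterized form: the value travels separately from the SQL text,
    the way the ? placeholders of system.db.runPrepUpdate/runPrepQuery work,
    so no escaping is needed and backslashes arrive unchanged."""
    rows = conn.execute("SELECT id FROM mytable WHERE option = ?", (option,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = build_db()
    print(query_escaped(db, "Jim's Settings"))          # quote handled: [1]
    print(query_escaped(db, "x' OR '1'='1"))            # stays a literal: []
    print(query_numeric_escaped(db, "2 OR 1=1"))        # injection works: [1, 2, 3]
    print(query_escaped(db, "C:\\exports"))             # doubled backslash mismatches: []
    print(query_prepared(db, "C:\\exports"))            # parameter matches: [3]
```

The "C:\exports" case is the caveat worth remembering: SQLite, used here, stores the backslash literally, so the doubled backslash in the escaped query no longer matches the stored value, whereas a database that treats backslash as an escape character would collapse it back to one. The prepared-statement form behaves the same on every database and is the one to use for user input.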