6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"how to escape sql injections?\",\"text\":\"

I've encountered a problem that when I using sql to query. like followings:

\\n\\n

sql = \\\"select * from chat where keywords like %key%\\\";\\n

\\n\\n

when I execute this sql with % param this will be query all results of this table. So how can I solve this problem?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"huip\"},\"upvoteCount\":0,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","javascript",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/javascript/1","children":"javascript"}]}],["$","span","sqlite",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/sqlite/1","children":"sqlite"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/b95c598f4b0353126c7a9d00d45ea12c?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"huip","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/2318609/huip","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"huip"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",51]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"how to escape sql injections?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I've encountered a problem that when I using sql to query. like followings:

\n\n

sql = \"select * from chat where keywords like %key%\";\n

\n\n

when I execute this sql with % param this will be query all results of this table. So how can I solve this problem?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",56]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","23260561",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/EhdvP.jpg?s=256","alt":"shalin","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1323381/shalin","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"shalin"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",452]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

SELECT * FROM Customers\nWHERE Country LIKE '%land%';   \n

\n\n

You have missed ' ' SYMBOLS

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","40418693",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40418693","className":"text-blue-600 hover:underline","children":"Sqlite how to escape values to prevent SQL injection"}]}],["$","li","7744912",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7744912","className":"text-blue-600 hover:underline","children":"Making a javascript string sql friendly"}]}],["$","li","43532518",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/43532518","className":"text-blue-600 hover:underline","children":"How to escape a whole sql string instead of escaping each argument?"}]}],["$","li","53259913",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/53259913","className":"text-blue-600 hover:underline","children":"Is escaping SQL queries like this safe?"}]}],["$","li","53345920",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/53345920","className":"text-blue-600 hover:underline","children":"mysql escaping string node js`"}]}],["$","li","30080535",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30080535","className":"text-blue-600 hover:underline","children":"escape a string in node js to insert it in a sqlite3 database"}]}],["$","li","24395257",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/24395257","className":"text-blue-600 hover:underline","children":"Double and Single quotes on Insert SQL"}]}],["$","li","7291630",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7291630","className":"text-blue-600 hover:underline","children":"sql injection - how to sanitize program generated sql clause?"}]}],["$","li","12631037",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12631037","className":"text-blue-600 hover:underline","children":"javascript: create SQlite statement with escaped double quotes"}]}],["$","li","4494662",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4494662","className":"text-blue-600 hover:underline","children":"sanitize data for SQL with JavaScript"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

how to escape sql injections?

Answers (1)

Related Questions