I use https://github.com/mysqljs/mysql.git library.
I have a mysql db query architecture in which i can not modify the sql quey file one by one to escape each arguments for there has too many files, but all the sql queries will call the query method of a same base mysql instance, so i wonder if i can escape the eventual sql string in the base mysql query mthod.
I want to escape the whole sql string like select * from tableA where name = 'foo'bar' to select * from tableA where name = 'foo\'bar'
with some function like mysql_escape("select * from tableA where name = 'foo'bar'")
instead of doing this using Preparing Queries
or concating escaped strings
.
via Aflext
No comments:
Post a Comment