string.encodeForSQL()

Encodes the given string for safe output in a query to reduce the risk of SQL Injection attacks. This method is not recommended - the use of query parameters are strongly encouraged. See <cfqueryparam>.


		string.encodeForSQL( dialect=string, canonicalize=boolean )

Returns: String

Argument	Description
dialect _{string, required}	SQL dialect used to encode, possible values are: * db2 * mysql_ansi * mysql * oracle
canonicalize _{boolean, optional}	If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded. The default value for canonicalize is false. When this parameter is not specified, canonicalization will not happen. By default, when canonicalization is performed, both mixed and multiple encodings will be allowed. To use any other combinations you should canonicalize using canonicalize method and then do encoding.

Argument

Description

dialect

_{string,

required}

SQL dialect used to encode, possible values are: * db2 * mysql_ansi * mysql * oracle

canonicalize

_{boolean,

optional}

If set to true, canonicalization happens before encoding. If set to false, the given input string will just be encoded. The default value for canonicalize is false. When this parameter is not specified, canonicalization will not happen. By default, when canonicalization is performed, both mixed and multiple encodings will be allowed. To use any other combinations you should canonicalize using canonicalize method and then do encoding.

Examples

There are currently no examples for this function

string.encodeForSQL()

Examples

See also