Lua SQL Escape String (Try) Unfinished String near '"}'
function escape_sqli(source)
    to_replace = {"'", '"'}
    replace_with = {"\'", '\"'}
    output = source
    for i = 1, table.getn(to_replace) do
        output = string.gsub(output, to_replace[i], replace_with[i])
    end
    return output
end
I tried to use the code above to escape SQLis, but when I try to compile it I get the following error:
Unfinished String near '"}'
As it stands, the code has no syntax errors.
A suggestion, though; from the string.gsub documentation:
string.gsub (s, pattern, repl [, n])
[...]
If repl is a table, then the table is queried for every match, using the first capture as the key.
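You can simply recreate the replacement table as follows:
local replacements = { ['"'] = '\\"', ["'"] = "\\'" } -- "\\" is one literal backslash
and use it in a single gsub call:
function escape_sqli(source)
    -- '\"' alone is just '"' in Lua; "\\" puts a real backslash in the output
    local replacements = { ['"'] = '\\"', ["'"] = "\\'" }
    -- the parentheses drop gsub's second return value (the match count)
    return (source:gsub( "['\"]", replacements )) -- or (string.gsub( source, "['\"]", replacements ))
end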
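An added example (not part of the original question or answer) showing why the `"\'"` and `'\"'` literals from the question leave the input unchanged, and a backslash-escaping variant that also covers backslashes already present in the input. The function names and sample inputs are hypothetical, and the code assumes a database that treats backslash as an escape character inside string literals, as the approach in the post implies.

```lua
-- Added example; not code from the original post.

-- Literals as written in the question: in Lua, "\'" is the one-character
-- string "'" and '\"' is '"', so each replacement equals its key.
local function escape_noop(source)
  local replacements = { ['"'] = '\"', ["'"] = "\'" }
  return (source:gsub("['\"]", replacements))
end

-- Backslash-escaping variant: "\\" in a literal is one real backslash.
-- The backslash is in the character class as well; otherwise an input
-- backslash placed before a quote would cancel the escape that gets added.
local function escape_backslash(source)
  local replacements = { ['\\'] = '\\\\', ['"'] = '\\"', ["'"] = "\\'" }
  -- Parentheses keep only the string and drop gsub's match count.
  return (source:gsub("[\\'\"]", replacements))
end

-- Same substitution without the parentheses, to show the second value.
local function escape_two_values(source)
  return source:gsub("[\\'\"]", { ["'"] = "\\'" })
end

-- Constructed sample inputs.
assert(escape_noop("O'Reilly") == "O'Reilly")            -- nothing escaped
assert(escape_backslash("O'Reilly") == "O\\'Reilly")     -- O\'Reilly
assert(escape_backslash('say "hi"') == 'say \\"hi\\"')   -- say \"hi\"
-- Input a\' b : the existing backslash is doubled, then the quote escaped.
assert(escape_backslash("a\\' b") == "a\\\\\\' b")       -- a\\\' b

-- gsub returns (string, count); an unwrapped return leaks the count into
-- whatever expression or argument list the caller uses the result in.
assert(select("#", escape_two_values("it's")) == 2)
assert(select("#", escape_backslash("it's")) == 1)

print(escape_backslash("O'Reilly"))
```

Which characters need escaping, and how, depends on the database and its SQL mode; standard SQL escapes a single quote inside a literal by doubling it rather than with a backslash.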