问题
I need a way to escape data for mysql statements in lua. I'm used to doing something like mysql_real_escape_string() in php but can't find an equivalent in lua using mysql (con:escape() worked when I was using sqlite3). I've read that prepared statements are a solution but it doesn't seem to work for me. What am I doing wrong?
require "luasql.mysql"
env = assert (luasql.mysql())
con = env:connect("db_name", "user", "pass", "localhost")
local stmt = con:prepare([[
SELECT * FROM `user`
WHERE `login` = :a AND `pass` = :b LIMIT 1
]])
stmt.a = "some_user"
stmt.b = "some_pass"
This errors with "attempt to call method 'prepare' (a nil value)".
If I try to run a straight SELECT * execute on con it works fine, so the connection is being made, but this prepare statement does not work (it's not even recognizing prepare as a valid method, it seems).
回答1:
It looks like the prepare functionality was added to LuaSQL within the last year or two, so maybe you version is a bit older?
Also, try con:escape(yourQuery) to do the escaping, maybe that will be sufficient for your needs.
来源:https://stackoverflow.com/questions/6318525/lua-mysql-need-a-way-to-escape-data