The important concepts:
- Do not introduce any variables in the SQL QUERY, unless they are guaranteed to not have any characters that would interfere with MYSQL. %computerid% is safe for instance, but %clientname% is not. Place those variables in the string processed by MYSQLEncode.
- Continue Nesting REPLACE() commands as needed to perform any character or string substitutions you want.
- Use CONCAT() to assemble one or more prepared variables, fixed string sections, output from SQL functions like DATE_FORMAT, RANDOM(), etc.
- If possible, only process the filename section. As long as you are only handling the filename, and not the extension or folder path, use LEFT() around the CONCAT to ensure the string is not too long.
- Wrap it in TRIM() to make sure any leading/trailing spaces are removed.
- It is easy to include the variable as part of a complete file path as shown at the end of my example, but you can even use an outer CONCAT() to stick the folder path in front and the file extension onto the end, and then the whole filename and path would be in the returned variable.
In this example script, I am building a hypothetical filename for a device configuration backup to be stored in, which references the ClientName, LocationName, DeviceName, and the DeviceID.
NOTE - This is a Network Device Script, but could be switched to a Computer Script and all of the functions remain the same.