__NAME__ purpose
safely quote strings for use in SQL statements using DBI's quote method
__END__

__NAME__ see also
sql,query
__END__


__NAME__ description
This filter uses the &PERL; DBI quoting method (or the DBD driver's own
version, if the driver redefines it) to make strings safe for use in
&glos-SQL; commands.
</para><para>
All database-specific needs are honored, including (but not limited
to) <literal>\</literal> &glos-escape;s for &PGSQL; or &MYSQL;,
truncating at the first ASCII NUL for &PGSQL;, and turning a newline into a
literal two-character <literal>\n</literal> for &MYSQL;.
</para><para>
The default database handle is used (the first &conf-ProductFiles; database),
unless a different one is specified.
__END__


__NAME__ notes
DBI quoting is different from &IC;'s native &filter-sql; filter.
See the DBI man page for details about the DBI quoting method.
</para><para>
Since the filter uses database handles, &glos-safe; must be considered if
it is being used via the <varname>$Tag</varname> object in a &PERL; block.
</para><para>
For more information see
<citerefentry><refentrytitle>DBI</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and the DBD documentation for your database.
__END__


Fix the entry, then insert the missing _ at the beginning of line
_NAME__ example: Filter example
<programlisting><![CDATA[
[cgi name=code set="That's all" hide=1]

[cgi name=code filter=dbi_quote keep=1]
]]></programlisting>

If the default &conf-ProductFiles; database is a typical &glos-SQL; database,
the filter would return <literal>'that''s all'</literal>, including all the
quotes.
__END__

__NAME__ example: Quoting a literal string, specifying DBI quote method
<programlisting>
[filter dbi_quote.DATABASE_NAME]some string \ or other[/filter]
</programlisting>

The above would produce <literal>'some string \\ or other'</literal>
for &MYSQL; or &PGSQL;, and
<literal>'some string \ or other'</literal> for &ORACLE;.
__END__

__NAME__ example: Quoting for the $Db query method
<programlisting><![CDATA[
ActionMap set <<EOR
sub {
    my ($action, $name) = split('/', shift, 2);
    my ($val, $set);

    # lookup code first
    $Tag->perl({tables => 'sets'});

    # dbi_quote returns the value with its surrounding quotes,
    # so the SQL below adds none of its own
    $val = $Tag->filter({op => 'dbi_quote.sets', body => $name});
    $set = $Db{sets}->query({sql => "select code,description from sets where name = $val"});

    ...
}
EOR
]]></programlisting>
__END__
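
An added illustration (not part of the Interchange documentation) of why the ActionMap example passes the name through dbi_quote before interpolating it: the script builds the same sets query with and without DBI's quote method and checks that the value is still a single SQL literal. It assumes the ExampleP test driver bundled with DBI, which uses DBI's default quoting; is_single_literal and report are helper names made up for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: ExampleP, a test driver shipped with DBI, stands in for the
# real database. It uses DBI's default quote(); a real DBD may add more
# (for example backslash escapes), as the description above says.
my $dbh = DBI->connect('dbi:ExampleP:dummy', '', '', { RaiseError => 1 });

my $base = 'select code,description from sets where name = ';

# True when the text after "name = " is exactly one standard SQL string
# literal (embedded quotes doubled) or the keyword NULL, with nothing after.
sub is_single_literal {
    my ($sql) = @_;
    my $tail = substr($sql, length $base);
    return $tail =~ /\A(?:'(?:[^']|'')*'|NULL)\z/ ? 1 : 0;
}

sub report {
    my ($label, $sql) = @_;
    my $verdict = is_single_literal($sql) ? 'one literal' : 'BROKEN';
    printf "  %-7s %-64s %s\n", $label, $sql, $verdict;
    return $verdict;
}

# Constructed sample values; the first is the string from the filter example.
for my $name ("That's all", 'plain', undef) {
    print defined $name ? "name: $name\n" : "name: (undef)\n";

    # Raw interpolation: the apostrophe in the value ends the literal early.
    my $raw = defined $name ? $name : '';
    report('raw', $base . "'$raw'");

    # quote() doubles embedded quotes, adds the outer quotes itself,
    # and turns undef into the bare keyword NULL.
    my $val = $dbh->quote($name);
    report('quoted', $base . $val);
}

$dbh->disconnect;
```

For the undefined name the quoted statement reads name = NULL, which is well-formed but matches no rows in SQL, so an empty name should be handled before the query is built.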