Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
tree: 01330ec25d
Fetching contributors…

Cannot retrieve contributors at this time

78 lines (62 sloc) 2.353 kb
__NAME__ purpose
safely quote strings for use in SQL statements using DBI's quote method
__END__
__NAME__ see also
sql,query
__END__
__NAME__ description
This filter uses the &PERL; DBI quoting method (or actually the DBD, if
it redefines it) to make strings safe for use in &glos-SQL; commands.
</para><para>
All database-specific needs are honored, including (but not limited
to) <literal>\</literal> &glos-escape;s for &PGSQL; or &MYSQL;,
truncating at the first ASCII NUL for &PGSQL;, and turning a newline into a
literal two-character <literal>\n</literal> for &MYSQL;.
</para><para>
The default database handle is used (the first &conf-ProductFiles; database),
unless a different one is specified.
__END__
__NAME__ notes
DBI quoting is different from &IC;'s native &filter-sql; filter.
See the DBI man page details about the DBI quoting method.
</para><para>
Since the filter uses database handles, &glos-safe; must be considered if
it is being used via the <varname>$Tag</varname> object in a &PERL; block.
</para><para>
For more information see
<citerefentry><refentrytitle>DBI</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and the DBD documentation for your database.
__END__
Fix the entry, then insert the missing _ at the beginning of line
_NAME__ example: Filter example
<programlisting><![CDATA[
[cgi name=code set="That's all" hide=1]
[cgi name=code filter=dbi_quote keep=1]
]]></programlisting>
If the default &conf-ProductFiles; database is a typical &glos-SQL; database,
the filter would return <literal>'that''s all'</literal>, including all the
quotes.
__END__
__NAME__ example: Quoting a literal string, specifying DBI quote method
<programlisting>
[filter dbi_quote.DATABASE_NAME]some string \ or other[/filter]
</programlisting>
The above would produce <literal>'some string \\ or other'</literal>
for &MYSQL; or &PGSQL;, and
<literal>'some string \ or other'</literal> for &ORACLE;.
__END__
__NAME__ example: Quoting for the $Db query method
<programlisting><![CDATA[
ActionMap set <<EOR
sub {
my ($action, $name) = split('/', shift, 2);
my ($val, $set);
# lookup code first
$Tag->perl({tables => 'sets'});
$val = $Tag->filter({op => 'dbi_quote.sets', body => $name});
$set = $Db{sets}->query({sql => "select code,description from sets where name = $val"});
...
}
EOR
]]></programlisting>
__END__
Jump to Line
Something went wrong with that request. Please try again.