NAME

dbi_quote — safely quote strings for use in SQL statements using DBI's quote method

DESCRIPTION

This filter uses the Perl DBI quoting method (or actually the DBD, if it redefines it) to make strings safe for use in SQL commands.

All database-specific needs are honored, including (but not limited to) \ escapes for PostgreSQL or MySQL, truncating at the first ASCII NUL for PostgreSQL, and turning a newline into a literal two-character \n for MySQL.

The default database handle is used (the first ProductFiles database), unless a different one is specified.

EXAMPLES

Example: Quoting a literal string, specifying which database handle's DBI quote method to use

[filter dbi_quote.DATABASE_NAME]some string \ or other[/filter]

The above would produce 'some string \\ or other' for MySQL or PostgreSQL, and 'some string \ or other' for Oracle.


Example: Quoting for the $Db query method

ActionMap set <<EOR
sub {
	my ($action, $name) = split('/', shift, 2);
	my ($val, $set);

	# Open the 'sets' table inside the Safe compartment so $Db{sets}
	# is available; look up the code first.
	$Tag->perl({tables => 'sets'});

	# Quote the user-supplied name with the handle of the 'sets' table
	# before interpolating it into the SQL string.
	$val = $Tag->filter({op => 'dbi_quote.sets', body => $name});
	$set = $Db{sets}->query({sql => "select code,description from sets where name = $val"});

	...
}
EOR
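The following added example is not part of the Interchange source; it calls the same DBI quote() method the filter invokes on the table's database handle, using a throwaway in-memory SQLite database (DBI and DBD::SQLite are assumed to be installed) to show how an embedded apostrophe and an undefined value are rendered, and what happens when the value is interpolated without quoting.

```perl
#!/usr/bin/perl
# Added example, not part of the Interchange distribution: exercises DBI's
# quote() method directly, as the dbi_quote filter does via dbref($table).
# Assumes DBI and DBD::SQLite are available.
use strict;
use warnings;
use DBI;

# In-memory SQLite database standing in for an Interchange 'sets' table.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE sets (code TEXT, name TEXT, description TEXT)');
$dbh->do(q{INSERT INTO sets VALUES ('s1', 'O''Reilly', 'apostrophe in name')});

# Constructed inputs: a name containing an apostrophe, and an undefined value.
my @inputs = ("O'Reilly", undef);

for my $name (@inputs) {
    # quote() doubles embedded single quotes for SQLite and renders undef as
    # the bare word NULL, so the result is always a complete SQL literal.
    my $quoted = $dbh->quote($name);
    printf "quote(%s) => %s\n", defined $name ? "\"$name\"" : 'undef', $quoted;

    # Interpolating the quoted literal, as the ActionMap example above does.
    my $row = $dbh->selectrow_hashref(
        "SELECT code, description FROM sets WHERE name = $quoted");
    print "  matched: ", ($row ? $row->{code} : 'no row'), "\n";
}

# For contrast, interpolating the raw value without quote(): the apostrophe
# terminates the literal early and the driver rejects the statement.
my $raw = "O'Reilly";
eval { $dbh->do("SELECT code FROM sets WHERE name = '$raw'") };
print "unquoted interpolation: ", ($@ ? 'statement rejected' : 'ok'), "\n";
```

Note that quote(undef) yields NULL rather than an empty string, so a WHERE clause built from an undefined value matches no rows.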

NOTES

DBI quoting is different from Interchange's native sql filter. See the DBI man page for details about the DBI quoting method.

Since the filter uses database handles, the Safe compartment must be considered if the filter is used via the $Tag object in a Perl block (the table must be opened for that block, as in the example above).

For more information see DBI(3) and the DBD documentation for your database.

AVAILABILITY

dbi_quote is available in Interchange versions:

4.6.0-5.9.0 (git-head)

SOURCE

Interchange 5.9.0:

Source: code/Filter/dbi_quote.filter
Lines: 26


# Copyright 2005-2007 Interchange Development Group and others
# 
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.  See the LICENSE file for details.
# 
# $Id: dbi_quote.filter,v 1.3 2007-03-30 23:40:44 pajamian Exp $

CodeDef dbi_quote Filter
CodeDef dbi_quote Description SQL quoting using DBI
CodeDef dbi_quote Routine <<EOR
sub {
my ($val, $tag, $table) = @_;

$table ||= $Vend::Cfg->{ProductFiles}[0];

my $db;
unless ($db = dbref($table)) {
  ::logError("filter dbi_quote cannot find database handle for table '%s'", $table);
  return;
}

return $db->quote($val);
}
EOR

AUTHORS

Interchange Development Group

SEE ALSO

sql(7ic), query(7ic)
