dbi_quote — safely quote strings for use in SQL statements using DBI's quote method
This filter uses the Perl DBI quoting method (or rather the DBD driver's version, if the driver redefines it) to make strings safe for use in SQL commands.
All database-specific needs are honored, including (but not limited to) \ escapes for PostgreSQL or MySQL, truncating at the first ASCII NUL for PostgreSQL, and turning a newline into a literal two-character \n for MySQL.
The default database handle is used (the first ProductFiles database), unless a different one is specified.
Example: Quoting a literal string, specifying DBI quote method

    [filter dbi_quote.DATABASE_NAME]some string \ or other[/filter]

The above would produce 'some string \\ or other' for MySQL or PostgreSQL, and 'some string \ or other' for Oracle.
Example: Quoting for the $Db query method

    ActionMap set <<EOR
    sub {
        my ($action, $name) = split('/', shift, 2);
        my ($val, $set);

        # lookup code first
        $Tag->perl({tables => 'sets'});
        $val = $Tag->filter({op => 'dbi_quote.sets', body => $name});
        $set = $Db{sets}->query({sql => "select code,description from sets where name = $val"});
        ...
    }
    EOR

DBI quoting is different from Interchange's native sql filter.
See the DBI man page for details about the DBI quoting method.
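The default DBI quoting behaviour referred to above, shown outside Interchange as an added example that is not part of the Interchange documentation or source. It assumes DBD::Sponge (bundled with DBI) as a stand-in driver that inherits DBI's default quote method; sets_lookup_sql is a hypothetical helper and the input names are constructed.

```perl
#!/usr/bin/perl
# Added example: what DBI's quote method returns, outside Interchange.
# Assumption: DBD::Sponge (bundled with DBI) stands in for a real driver; it
# inherits DBI's default quote(), so MySQL/PostgreSQL results will differ.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:Sponge:', '', '', { RaiseError => 1 });

# Hypothetical helper with the same statement shape as the ActionMap
# example: the quoted value is interpolated as-is, because quote()
# already supplies the surrounding single quotes.
sub sets_lookup_sql {
    my ($dbh, $name) = @_;
    my $val = $dbh->quote($name);
    return "select code,description from sets where name = $val";
}

# Constructed sample inputs, as they might arrive from the URL path.
my @names = ("plain", "O'Reilly", 'some string \\ or other', undef);

for my $name (@names) {
    my $shown = defined $name ? $name : '(undef)';
    printf "%-24s => %s\n", $shown, sets_lookup_sql($dbh, $name);
}

# Default DBI quoting doubles embedded single quotes ...
die "quote not doubled" unless $dbh->quote("O'Reilly") eq "'O''Reilly'";
# ... leaves backslashes alone (the Oracle result described on this page) ...
die "backslash changed" unless $dbh->quote('a \\ b') eq "'a \\ b'";
# ... and turns undef into a bare NULL, so "name = NULL" matches no row.
die "undef not NULL"    unless $dbh->quote(undef) eq 'NULL';
```

Wrapping the returned value in a second pair of quotes in the SQL string would undo the protection, since the inner quotes would then terminate the literal.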
Since the filter uses database handles, Safe must be considered if the filter is being used via the $Tag object in a Perl block.
For more information see DBI(3) and the DBD documentation for your database.
Interchange 5.9.0:
Source: code/Filter/dbi_quote.filter
Lines: 26

    # Copyright 2005-2007 Interchange Development Group and others
    #
    # This program is free software; you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation; either version 2 of the License, or
    # (at your option) any later version. See the LICENSE file for details.
    #
    # $Id: dbi_quote.filter,v 1.3 2007-03-30 23:40:44 pajamian Exp $

    CodeDef dbi_quote Filter
    CodeDef dbi_quote Description SQL quoting using DBI
    CodeDef dbi_quote Routine <<EOR
    sub {
        my ($val, $tag, $table) = @_;
        $table ||= $Vend::Cfg->{ProductFiles}[0];
        my $db;
        unless ($db = dbref($table)) {
            ::logError("filter dbi_quote cannot find database handle for table '%s'", $table);
            return;
        }
        return $db->quote($val);
    }
    EOR