[Encode_SQL92] encodes any characters that are reserved in SQL statements. This encoding is appropriate for most SQL-based data sources (including SQLite and JDBC data sources) other than MySQL. To help prevent SQL injection attacks, this tag should be used around any visitor-supplied values that are concatenated into a statement for an inline -SQL action. The tag takes a single argument, which is the string to be encoded.
Values passed to other inline actions such as -Search, -Add, or -Update are automatically encoded by Lasso. Values passed to MySQL must be encoded using the [Encode_SQL] tag instead of this tag.
Values encoded with this tag should be surrounded by single quotes. This tag should be used around each individual value within a SQL statement. It cannot be used on an entire SQL statement.
[Inline: ..., -SQL='SELECT * FROM table WHERE field = \'' + (Encode_SQL92: Value) + '\'']
See the Lasso 8 Language Guide for examples of how to use this tag.
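
The per-value rule above, shown as an added Python example against an in-memory SQLite database; it is not LassoSoft code. `encode_sql92` is a hypothetical stand-in that assumes the tag doubles single quotes, as SQL-92 string literals require, and the table and inputs are constructed.

```python
import sqlite3

def encode_sql92(value):
    """Stand-in for [Encode_SQL92] (assumed behaviour): double each single
    quote, the SQL-92 way to write a quote inside a string literal."""
    return str(value).replace("'", "''")

def make_db():
    # Constructed sample table for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT)")
    db.executemany("INSERT INTO people VALUES (?)", [("Alice",), ("O'Brien",)])
    return db

def lookup(db, value, encode=True):
    """Build the statement by concatenation, as the inline -SQL line does:
    the surrounding quotes belong to the statement, only the value is encoded."""
    if encode:
        value = encode_sql92(value)
    sql = "SELECT name FROM people WHERE name = '" + value + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_whole_statement_encoded(db, value):
    """Misuse: encoding the finished statement also doubles the quotes that
    delimit the value, so the statement no longer parses."""
    sql = encode_sql92("SELECT name FROM people WHERE name = '" + value + "'")
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed visitor input
    print(lookup(db, "O'Brien"))              # matched as a literal value
    print(lookup(db, hostile))                # no row has this name
    print(lookup(db, hostile, encode=False))  # unencoded: every row comes back
    try:
        lookup_whole_statement_encoded(db, "Alice")
    except sqlite3.OperationalError as err:
        print("whole-statement encoding:", err)
```
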
Tag Link | [Encode_SQL92] | Category | Encoding |
---|---|---|---|
Type | Substitution | Data Source | Any |
Support | Preferred | Version | 8.0 |
Output Type | None | Security | None |
Implementation | LDML | Sets | Lasso 8.5, Lasso 8.0 |