
[encode_sqlfull]

Link: encode_sqlfull
Author: Jolle Carlestam
Category: Database
Version: 9.x
License: Public Domain
Posted: 05 Nov 2013
Updated: 05 Nov 2013

Description

Alternative to encode_sql that also escapes % and _, so that the resulting string can be safely used when building SQL queries with LIKE clauses.
See Bil Corry's talk from LDC Chicago 2008: All Your Base Are Belong To Us

Only needed for SQL queries that use LIKE (or any of the other pattern-matching operators that recognize "%" and "_").

Sample Usage

var(sql = 'SELECT * 
FROM mydb.mytable 
WHERE
myfield LIKE "' + encode_sqlfull(string(web_request -> param('myvalue'))) + '%"')

Source Code

Click the "Download" button below to retrieve a copy of this tag, including the complete documentation and sample usage shown on this page. Place the downloaded ".inc" file in your LassoStartup folder, restart Lasso, and you can begin using this tag immediately.

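<?lassoscript
// Member method added to the string type: returns an escaped copy of the string
define string -> encodesql_full()::string => {
	local(text = string(self))
	// Backslash-escape ", ' and \ first, then NUL, then the LIKE wildcards % and _
	#text -> replace(regexp(`(["'\\])`), `\\\1`) & replace('\0', `\0`) & replace(`%`, `\%`) & replace(`_`, `\_`) // "
	return #text
}

// Unbound wrappers so the escaping can also be called as a plain function
define encode_sqlfull(text::string) => #text -> encodesql_full
define encodesql_full(text::string) => #text -> encodesql_full

?>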
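
The effect of leaving % and _ unescaped in a LIKE prefix search, as an added example that is not part of the original tag or the author's code. It is written in Python against an in-memory SQLite table rather than Lasso, binds the value as a parameter and names the escape character with an explicit ESCAPE clause; the function names and sample rows are constructed for illustration, and the table name follows the page's sample usage.

```python
import sqlite3

def escape_like(value: str, esc: str = "\\") -> str:
    """Escape the escape character itself first, then the LIKE wildcards % and _."""
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))

def prefix_search(conn, user_input: str, escape_wildcards: bool = True):
    """Return names that start with user_input; the value is bound, never concatenated."""
    term = escape_like(user_input) if escape_wildcards else user_input
    rows = conn.execute(
        # The SQL text below contains ESCAPE '\' (a single backslash)
        "SELECT name FROM mytable WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (term + "%",),
    )
    return [r[0] for r in rows]

def make_db():
    """Constructed sample rows (assumption, not data from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (name TEXT)")
    conn.executemany(
        "INSERT INTO mytable VALUES (?)",
        [("100% cotton",), ("100 percent",), ("a_b",), ("axb",), ("c\\d",)],
    )
    return conn

if __name__ == "__main__":
    conn = make_db()
    for probe in ("100%", "a_b", "%", "c\\d"):
        print(repr(probe),
              "unescaped:", prefix_search(conn, probe, escape_wildcards=False),
              "escaped:", prefix_search(conn, probe, escape_wildcards=True))
```

Without the wildcard escaping, a submitted value of "%" matches every row; with it, the same value only matches names that literally begin with a percent sign.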
