Lasso Soft Inc. > Home


AuthorJolle Carlestam
LicensePublic Domain
Posted05 Nov 2013
Updated05 Nov 2013
More by this author...


Alternative to encode_sql that also deals with escaping % and _ so that the resulting string can be safely used when creating sql queries with LIKE sections.
See Bil Corrys talk from LDC Chicago 2008: All Your Base Are Belong To Us

Only needed when dealing with SQL queries using LIKE statements (or any of the other pattern- matching queries that recognize “%” and “_”).

Sample Usage

var(sql = 'SELECT * 
FROM mydb.mytable 
myfield LIKE "' + encode_sqlfull(string(web_request -> param('myvalue'))) + '%"')

Source Code

Click the "Download" button below to retrieve a copy of this tag, including the complete documentation and sample usage shown on this page. Place the downloaded ".inc" file in your LassoStartup folder, restart Lasso, and you can begin using this tag immediately.

 encodesql_full()::string => {
	local(text = string(self))
	#text -> replace(regexp(`(["'\\])`), `\\\1`) & replace('\0', `\0`) & replace(`%`, `\%`) & replace(`_`, `\_`) // "
	return #text

define encode_sqlfull(text::string) => #text -> encodesql_full
define encodesql_full(text::string) => #text -> encodesql_full



No comments

Please log in to comment

LassoSoft Inc. > Home



©LassoSoft Inc 2015 | Web Development by Treefrog Inc | PrivacyLegal terms and Shipping | Contact LassoSoft