[encode_sqlfull]
| Link | encode_sqlfull |
| Author | Jolle Carlestam |
| Category | Database |
| Version | 9.x |
| License | Public Domain |
| Posted | 05 Nov 2013 |
| Updated | 05 Nov 2013 |
| More by this author... | |
Description
Alternative to encode_sql that also deals with escaping % and _ so that the resulting string can be safely used when creating sql queries with LIKE sections.
See Bil Corrys talk from LDC Chicago 2008: All Your Base Are Belong To Us
Only needed when dealing with SQL queries using LIKE statements (or any of the other pattern- matching queries that recognize “%” and “_”).
Sample Usage
var(sql = 'SELECT *
FROM mydb.mytable
WHERE
myfield LIKE "' + encode_sqlfull(string(web_request -> param('myvalue'))) + '%"')
Source Code
Click the "Download" button below to retrieve a copy of this tag, including the complete documentation and sample usage shown on this page. Place the downloaded ".inc" file in your LassoStartup folder, restart Lasso, and you can begin using this tag immediately.
encodesql_full()::string => {
local(text = string(self))
#text -> replace(regexp(`(["'\\])`), `\\\1`) & replace('\0', `\0`) & replace(`%`, `\%`) & replace(`_`, `\_`) // "
return #text
}
define encode_sqlfull(text::string) => #text -> encodesql_full
define encodesql_full(text::string) => #text -> encodesql_full
?>
Comments
No comments
