Last active
August 29, 2015 13:58
-
-
Save jolle-c/9956989 to your computer and use it in GitHub Desktop.
Alternative to encode_sql that also deals with escaping % and _. For Lasso 9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| /**! | |
| encodesql_full | |
| Alternative to encode_sql that also deals with escaping % and _ so that the resulting string can be safely used when creating sql queries with LIKE sections. | |
| See Bil Corrys talk from LDC Chicago 2008: All Your Base Are Belong To Us | |
| Only needed when dealing with SQL queries using LIKE statements (or any of the other pattern- matching queries that recognize “%” and “_”). | |
| Example usage | |
| var(sql = 'SELECT * | |
| FROM mydb.mytable | |
| WHERE | |
| myfield LIKE "' + encode_sqlfull(string(web_request -> param('myvalue'))) + '%"') | |
| 2014-04-03 JC Made a Gist of it | |
| 2013-11-01 JC adjusted with more efficient replace handling | |
| 2011-08-31 JC First version | |
| **/ | |
| define string -> encodesql_full()::string => { | |
| local(text = string(self)) | |
| #text -> replace(regexp(`(["'\\])`), `\\\1`) & replace('\0', `\0`) & replace(`%`, `\%`) & replace(`_`, `\_`) // " | |
| return #text | |
| } | |
| define encode_sqlfull(text::string) => #text -> encodesql_full | |
| define encodesql_full(text::string) => #text -> encodesql_full | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment