[docs] xmldocs - jon modified 3 files
docs at icdevgroup.org
Tue Oct 4 15:59:43 EDT 2005
User: jon
Date: 2005-10-04 19:59:43 GMT
Modified: refs sql.filter
Added: refs dbi_quote.filter filter_sql_no_backslash
Log:
Document latest commits.
Davor, sorry about the tons of DocBook mistakes that are likely here.
Revision Changes Path
1.2 +5 -2 xmldocs/refs/sql.filter
rev 1.2, prev_rev 1.1
Index: sql.filter
===================================================================
RCS file: /var/cvs/xmldocs/refs/sql.filter,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -u -r1.1 -r1.2
--- sql.filter 29 May 2005 15:01:39 -0000 1.1
+++ sql.filter 4 Oct 2005 19:59:43 -0000 1.2
@@ -1,5 +1,5 @@
__NAME__ purpose
-replace quoting with SQL quoting
+quote strings for use in SQL statements, without reference to a specific database
__END__
__NAME__ see also
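Review bot: the new purpose line says the filter will "quote strings", but the description only has it double embedded single quotes and backslashes; nothing there says it wraps the value in quotes, and the dbi_quote page in this same commit calls out its "containing quotes" as a difference from the native "sql" filter. Consider wording such as "escape quote characters in strings for use in SQL statements" so a reader does not assume the output is already a complete SQL literal.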
@@ -8,7 +8,10 @@
__NAME__ description
The filter replaces single quotes (<literal>'</literal>) with
-"double" single quotes (<literal>''</literal>).
+"double" single quotes (<literal>''</literal>). By default it will also
+replace a backslash (<literal>\</literal>) with two backslashes
+(<literal>\\</literal>) (as is needed to escape PostgreSQL and MySQL
+strings) but that can be disabled by setting the filter_sql_no_backslash pragma.
__END__
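Review bot: in the added sentence the pragma name filter_sql_no_backslash is plain text with no markup or cross-reference, while the characters around it are wrapped in <literal>. Mark it up as a reference to the new filter_sql_no_backslash page. Since the text says backslash doubling is needed for PostgreSQL and MySQL strings, it should also state explicitly that the pragma is to stay unset on those databases. A pointer to dbi_quote as the database-aware alternative would fit here too.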
1.1 xmldocs/refs/dbi_quote.filter
rev 1.1, prev_rev 1.0
Index: dbi_quote.filter
===================================================================
__NAME__ purpose
safely quote strings for use in SQL statements using DBI's quote method
__END__
__NAME__ see also
the sql filter
the query tag and [PREFIX-quote] sub-tag
__END__
__NAME__ description
This filter uses DBI's quote method (or the DBD's, if it overrides)
to make a string safe to use in SQL. It takes into account any
database-specific quoting needs, such as <literal>\</literal> for
PostgreSQL or MySQL, truncating at the first ASCII NUL for PostgreSQL,
turning a newline into a literal two-character <literal>\n</literal> for
MySQL, etc.
The default database handle is used (the first ProductFiles database),
unless another is specified. (See the example.)
Note the containing quotes, which is different than Interchange's native
"sql" filter. See also the DBI man page details about the quote method.
Since this uses database handles, Safe must be considered if it's being
used via the $Tag object in a Perl block.
__END__
__NAME__ notes
For more information see
<citerefentry><refentrytitle>DBI</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and the DBD documentation for your database.
__END__
_NAME__ online: Filter example
To use the filter to safely quote the example CGI variable "code",
with the value "that's all":
<programlisting>
[cgi name=code filter=dbi_quote keep=1]
</programlisting>
If the default products database is a typical SQL database, that returns:
<literal>'that''s all'</literal>
To quote a literal string, specifying the desired database handle's quote method:
<programlisting>
[filter dbi_quote.inventory]some string \ or other[/filter]
</programlisting>
If "inventory" is a MySQL database, this returns:
<literal>'some string \\ or other'</literal>
Whereas if it were an Oracle database, it would return:
<literal>'some string \ or other'</literal>
_END__
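Review bot: the last section of dbi_quote.filter opens with "_NAME__ online: Filter example" and closes with "_END__", each with a single leading underscore, where every other section uses "__NAME__" and "__END__"; as written the example is unlikely to be picked up as a section. The label "online:" also differs from the "example:" label used in filter_sql_no_backslash. Separately, the description says Safe "must be considered" when the filter is used via $Tag in a Perl block without saying what the reader has to do; a sentence or a reference there would help.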
1.1 xmldocs/refs/filter_sql_no_backslash
rev 1.1, prev_rev 1.0
Index: filter_sql_no_backslash
===================================================================
__NAME__ purpose
do not escape backslashes in "sql" filter
__END__
__NAME__ synopsis
<group choice='req'>
<arg choice='plain'>0</arg>
<arg choice='plain'>1</arg>
</group>
__END__
__NAME__ default
0
__END__
__NAME__ description
This &glos-pragma; disables default doubling of backslashes by the "sql" filter.
You may want to set this pragma if using a database other than PostgreSQL and MySQL.
(SQL standard strings do not treat <literal>\</literal> specially, so it normally
doesn't need to be escaped.)
__END__
__NAME__ example: Enable filter_sql_no_backslash pragma catalog-wide
Put the following in catalog.cfg:
<programlisting>
Pragma filter_sql_no_backslash
</programlisting>
__END__
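Review bot: the example sets "Pragma filter_sql_no_backslash" with no value, while the synopsis lists 0 and 1 and the default is 0; show the value explicitly or state that a bare pragma name means 1. The description should also carry the converse of its advice: with this pragma set, the "sql" filter no longer doubles backslashes, so it should not be enabled for catalogs whose database is PostgreSQL or MySQL. The page has no see also section pointing back to the sql filter or to dbi_quote.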