dbi_quote — safely quote strings for use in SQL statements using DBI's quote method


This filter uses the Perl DBI quoting method (or actually the DBD, if it redefines it) to make strings safe for use in SQL commands.

All database-specific needs are honored, including (but not limited to) \ escapes for PostgreSQL or MySQL, truncating at the first ASCII NUL for PostgreSQL, and turning a newline into a literal two-character \n for MySQL.

The default database handle is used (the first ProductFiles database), unless a different one is specified.


Example: Quoting a literal string, specifying DBI quote method

[filter dbi_quote.DATABASE_NAME]some string \ or other[/filter]

The above would produce 'some string \\ or other' for MySQL or PostgreSQL, and 'some string \ or other' for Oracle.

Example: Quoting for the $Db query method

ActionMap set <<EOR
sub {
	my ($action, $name) = split('/', shift, 2);
	my ($val, $set);
	# lookup code first
	$Tag->perl({tables => 'sets'});

	$val = $Tag->filter({op => 'dbi_quote.sets', body => $name});
	$set = $Db{sets}->query({sql => "select code,description from sets where name = $val"});



DBI quoting is different from Interchange's native sql filter. See the DBI man page details about the DBI quoting method.

Since the filter uses database handles, safe must be considered if it is being used via the $Tag object in a Perl block.

For more information see DBI(3) and the DBD documentation for your database.


dbi_quote is available in Interchange versions:

4.6.0-5.7.0 (git-head)


Interchange 5.7.0:

Source: code/Filter/dbi_quote.filter
Lines: 26

# Copyright 2005-2007 Interchange Development Group and others
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.  See the LICENSE file for details.
# $Id: dbi_quote.filter,v 1.3 2007-03-30 23:40:44 pajamian Exp $

CodeDef dbi_quote Filter
CodeDef dbi_quote Description SQL quoting using DBI
CodeDef dbi_quote Routine <<EOR
sub {
my ($val, $tag, $table) = @_;

$table ||= $Vend::Cfg->{ProductFiles}[0];

my $db;
unless ($db = dbref($table)) {
  ::logError("filter dbi_quote cannot find database handle for table '%s'", $table);

return $db->quote($val);


Interchange Development Group


sql(7ic), query(7ic)

DocBook! Interchange!