On Tuesday 19 September 2006 I wrote:
> Maybe this question is more related to SQL::Abstract, but maybe
> someone can help here:
>
> Is there any support for db engine independent escaping (user) input
> ('%' and '_')?
hmm ... looks like there is not...
> DBI returns the escape character by calling $dbh->get_info(14), but I
> would like a more elegant/intuitive solution.
Just to give an example of what I mean (from a Catalyst application):

    # 14 = SQL_SEARCH_PATTERN_ESCAPE
    my $esc = $c->model('DB::Table')->result_source->schema->storage->dbh->get_info(14);
    my $input = $c->request->params->{input};
    $input =~ s/([_%])/$esc$1/g;

Not very pretty, but always needed, where user input from external
sources is used inside SQL queries.
Comments?
--
Bernhard Graf
_______________________________________________
List: http://lists.rawmode.org/cgi-bin/mailman/listinfo/dbix-class
Wiki: http://dbix-class.shadowcatsystems.co.uk/
IRC: irc.perl.org#dbix-class
SVN: http://dev.catalyst.perl.org/repos/bast/trunk/DBIx-Class/
Searchable Archive: http://www.mail-archive.com/[email protected]/
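
An added example, not part of the original post and not DBIx::Class or SQL::Abstract code: a helper that escapes the LIKE wildcards and also the escape character itself, which the snippet in the post leaves unescaped. The helper name escape_like, the '!' escape character with its explicit ESCAPE clause, and the product/name table and column are assumptions made for the example.

```perl
use strict;
use warnings;

# Hypothetical helper, not part of DBI, DBIx::Class or SQL::Abstract.
# Makes user input match literally inside a LIKE pattern by escaping the
# wildcards '%' and '_' and the escape character itself.
sub escape_like {
    my ($input, $esc) = @_;
    die "escape character must be exactly one character\n"
        unless defined $esc && length($esc) == 1;
    die "escape character must not be a LIKE wildcard\n"
        if $esc eq '%' || $esc eq '_';
    # \Q...\E keeps characters such as '\' or ']' literal inside the class.
    (my $out = $input) =~ s/([%_\Q$esc\E])/$esc$1/g;
    return $out;
}

# Assumption: '!' is an escape character chosen for this example. Naming it
# in an ESCAPE clause avoids depending on each engine's default.
my $esc = '!';

# Hypothetical table and column names; the user input is only ever bound.
my $sql = "SELECT id FROM product WHERE name LIKE ? ESCAPE '$esc'";

# Constructed sample inputs.
for my $input ('100%', 'a_b', 'wow!', 'plain') {
    my $pattern = '%' . escape_like($input, $esc) . '%';
    printf "%-6s binds as %s\n", $input, $pattern;
    # With a real handle: $dbh->selectall_arrayref($sql, undef, $pattern);
}
```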