On 13 Oct 2006, at 13:36, Ash Berlin wrote: > Jules Bean wrote: >> apv wrote: >> >>> I want/need to escape underscores so that simple searches can't be >>> "hacked" by users, accidentally or intentionally. The DBI doc shows >>> this as the way to do it: >>> >>> $esc = $dbh->get_info( 14 ); # SQL_SEARCH_PATTERN_ESCAPE >>> $search_pattern =~ s/([_%])/$esc$1/g; >>> >>> Where/how should I do it in (a Catalyst app that's doing) >>> searches with >>> DBIC? I'm interested in overriding it for *all* user facing searches >>> since users should only be allowed to supply literal chars. >>> >>> >> >> >> Don't use LIKE? >> >> _% are only special in the context of a LIKE query. >> >> Jules > c.f 'search' and 'search_like' >
search_like considered harmful. -- Matt S Trout, Technical Director, Shadowcat Systems Ltd. Offering custom development, consultancy and support contracts for Catalyst, DBIx::Class and BAST. Contact mst (at) shadowcatsystems.co.uk for details. + Help us build a better perl ORM: http://dbix- class.shadowcatsystems.co.uk/ + _______________________________________________ List: http://lists.rawmode.org/cgi-bin/mailman/listinfo/dbix-class Wiki: http://dbix-class.shadowcatsystems.co.uk/ IRC: irc.perl.org#dbix-class SVN: http://dev.catalyst.perl.org/repos/bast/trunk/DBIx-Class/ Searchable Archive: http://www.mail-archive.com/[email protected]/
