On Dec 8, 2004, at 3:33 AM, Harald Joerg wrote:
I've just tested it: TT2's parser converts q('a''b') to two separate
parameters 'a' and 'b'. So, if you have funky SQL characters, you'd
*really* better wait for TT3 :-)
Or sanitize your input from users some other way. This could lead to a
BIG SQL
Vivek Khera writes:
> On Dec 6, 2004, at 5:55 PM, Larry Leszczynski wrote:
>
>> Thanks for the idea Harald! I had previously tried using eval but without
>> success. It now works using the following:
>>
>> [%
>> sth = DBI.prepare(query);
>> params_list = "'" _ bind_params.join
On Dec 6, 2004, at 5:55 PM, Larry Leszczynski wrote:
Thanks for the idea Harald! I had previously tried using eval but without
success. It now works using the following:
[%
sth = DBI.prepare(query);
params_list = "'" _ bind_params.join("','") _ "'";
"[% rows = sth.execute(
Larry Leszczynski wrote:
> The piece I was missing was splitting the end tag so that the parser does
> not think there are nested tags going on.
That's fixed in TT3, too.
Not only can you do this without confusing the parser:
[% tag_end = '%]' %]
But you can also "properly" nest tags, like s
Thanks for the idea Harald! I had previously tried using eval but without
success. It now works using the following:
[%
sth = DBI.prepare(query);
params_list = "'" _ bind_params.join("','") _ "'";
"[% rows = sth.execute($params_list) %" _ "]" FILTER eval;
FOREACH row
Larry Leszczynski writes:
I'm having trouble passing a list of bind parameter values to the DBI
execute function, hoping someone can shed some light. It works fine when
the query has a single placeholder and I send a single string. But when
the query has multiple placeholders and I try to send a
Larry Leszczynski wrote:
> [%
> sth = DBI.prepare(query);
> rows = sth.execute(bind_params);
> -%]
>
[...]
> Is there some sort of dereferencing or eval-ing that I need to do to get
> the bind_params list passed through to execute?
No, not in TT2. In TT3 you'll be able to do this:
[%
Hi -
I'm having trouble passing a list of bind parameter values to the DBI
execute function, hoping someone can shed some light. It works fine when
the query has a single placeholder and I send a single string. But when
the query has multiple placeholders and I try to send a list, the execute
su