Thread How to escape a query string? IOW, the DBISAM equiv of mysql_real_escape_string
Tue, Jun 15 2010 8:24 PM

samjones4

Hello!

We have that classic issue: folks enter a ' char into the search box in our app, and then the DBISAM query blows up.

So we need to "do the right thing" and escape the incoming data.

Is there a DBISAM func to do this?

IOW, what we want is the DBISAM equivalent of mysql_real_escape_string
( http://php.net/manual/en/function.mysql-real-escape-string.php )


Thanks!
Fri, Jun 18 2010 2:21 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

Rafael,

<< We have that classic issue: folks enter a ' char into the search box in
our app, and then the DBISAM query blows up.

So we need to "do the right thing" and escape the incoming data.

Is there a DBISAM func to do this? >>

Use this function:

http://www.elevatesoft.com/manual?action=viewmethod&id=dbisam4&product=d&version=7&comp=TDBISAMEngine&method=QuotedSQLStr

You can just call it like this:

Engine.QuotedSQLStr(....

since the Engine function always returns the single TDBISAMEngine instance
that is auto-created by DBISAM.

--
Tim Young
Elevate Software
www.elevatesoft.com
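
The call described in the reply above, shown next to the concatenation that breaks on a quote character, as an added example that is not part of the original posts or Elevate Software's own code. The `customers` table, the `LastName` column, the `Memory` database name and the helper names are assumptions for illustration, as is the detail that `QuotedSQLStr` returns the literal with its enclosing quotes already added.

```delphi
program QuotedSearchDemo;
{$APPTYPE CONSOLE}
uses
  SysUtils, dbisamtb; // DBISAM 4 unit: TDBISAMQuery and the Engine function

const
  SampleSearch = 'O''Brien'; // constructed input: the text O'Brien

// Before: the raw text is pasted between quotes, so the quote inside
// O'Brien closes the literal early and the statement no longer parses.
function BuildUnquoted(const Term: string): string;
begin
  Result := 'SELECT * FROM customers WHERE LastName = ''' + Term + '''';
end;

// After: Engine.QuotedSQLStr builds the literal. Assumed behaviour: it
// returns the value with embedded quotes escaped and the enclosing quotes
// already added, so no quotes are concatenated around it here.
function BuildQuoted(const Term: string): string;
begin
  Result := 'SELECT * FROM customers WHERE LastName = ' +
    Engine.QuotedSQLStr(Term);
end;

// Runs a statement that returns no rows (DDL or INSERT).
procedure Exec(Query: TDBISAMQuery; const SQLText: string);
begin
  Query.SQL.Text := SQLText;
  Query.ExecSQL;
end;

var
  Query: TDBISAMQuery;
begin
  Query := TDBISAMQuery.Create(nil);
  try
    Query.DatabaseName := 'Memory'; // assumption: DBISAM in-memory database
    Exec(Query, 'CREATE TABLE customers (LastName VARCHAR(40))');
    Exec(Query, 'INSERT INTO customers (LastName) VALUES (' +
      Engine.QuotedSQLStr(SampleSearch) + ')');
    WriteLn('Unquoted: ', BuildUnquoted(SampleSearch));
    WriteLn('Quoted:   ', BuildQuoted(SampleSearch));
    Query.SQL.Text := BuildQuoted(SampleSearch);
    Query.Open; // runs the statement built with QuotedSQLStr
    WriteLn('Rows matched: ', Query.RecordCount);
  finally
    Query.Free;
  end;
end.
```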