addslashes
Brian K. White
brian at aljex.com
Thu Aug 26 07:54:36 PDT 2010
On 8/25/2010 4:39 PM, richard wrote:
> I have a need to create some sql queries using filepro.
>
> My problem is that some of my text includes apostrophes and other chars.
> that "break" the query.
>
> In php there is a command called "addslashes".
>
> Is there a simple way in filepro to turn "Robert's golf clubs" into
> "Robert\'s golf clubs"?
>
> Richard D. Williams
Adapted from http://www.aljex.com/bkw/filepro/prc_urlenc.html
If:' data-in data-out
Then: declare extern c_di, c_do
If: ' position length inchar outchar data-in-temp '' do not define size for c_oc or c_dit
Then: declare c_dp(8,.0), c_dl(8,.0), c_ic(1), c_oc, c_dit
If:
Then: c_dp = "1" ; c_do = ""
If:
Then: c_dit = c_di{"" ; c_dl = len(c_dit)
nxtchr If:
Then: c_ic = mid(c_di,c_dp,"1") ; c_oc = c_ic
If:"$&+,/:;=?@ <>#%{}|^~[]`'" { chr("92") { chr("34") co c_ic
Then: c_oc = chr("92") & c_ic
If:
Then: c_do = c_do & c_oc
If:c_dp lt c_dl
Then: c_dp = c_dp + "1" ; goto nxtchr
----------------------
It's written as a call table, where you would save it in a filepro file,
I use one called "lib", so lib/prc.addslashes, and in other tables in
other files you would do:
If:
Then: declare global c_di, c_do
If:
Then: c_di = "input string" ; call "lib/addslashes" ; show c_do
But you could change it to use regular dummies and take out the declares
and use it as a gosub easy.
This off the cuff adaptation is not tested but the table I referenced is
very well tested and the change was tiny so it should be fine.
This:
"$&+,/:;=?@ <>#%{}|^~[]`'" { chr("92") { chr("34")
is all the characters it will escape. Modify to suit since you may want
more or fewer things munged. This list was specifically for making
strings url-safe from browsers.
Since writing that originally, as the blacklist string got longer and I
kept running into things it didn't handle, like form feeds, instead of
continuing to add chr("yet another value") to the line,
here's another way that instead of defining a blacklist in a literal,
it defines a whitelist and uses the fact that the _really_ safe chars
are all in 3 contiguous blocks of ascii values. The advantage is it
works on every possible character including all that high ascii binary
junk that would be impossible to put in a literal in filepro and would
be impractical to express as 127 chr("n") commands. Since this was a
url-encoder originally, and a binary character is perfectly ok to
express as %hexvalue, I don't know if the same applies for merely
backslash-escaping things for sql queries. I would expect stuff like
that to simply be disallowed, or require other encoding like
backslash+octalvalue or something.
If:
Then: declare extern c_di, c_do
If:
Then: declare c_dp(8,.0), c_dl(8,.0), c_ic(1), c_oc, c_dit, c_ic_d(3,.0)
If:
Then: c_dp = "1" ; c_do = ""
If:
Then: c_dit = c_di{"" ; c_dl = len(c_dit)
nxtchr If:
Then: c_ic = mid(c_di,c_dp,"1") ; c_oc = c_ic
If:
Then: c_ic_d = asc(c_ic)
If: c_ic_d ge "48" and c_ic_d le "57" ' 0-9
Then: goto cat
If: c_ic_d ge "65" and c_ic_d le "90" ' A-Z
Then: goto cat
If: c_ic_d ge "97" and c_ic_d le "122" ' a-z
Then: goto cat
If:
Then: c_oc = chr("92") & c_ic_d
cat If:
Then: c_do = c_do & c_oc
If: c_dp lt c_dl
Then: c_dp = c_dp + "1" ; goto nxtchr
Perhaps for your situation the best answer is the first example, but
just add this to it,
take this line:
If:
Then: c_do = c_do & c_oc
And change it to this
If: asc(c_ic) lt "127"
Then: c_do = c_do & c_oc
That way, the blacklist characters handle all the bad chars in the 0-127
ascii range, and everything above 127 is thrown away.
Or some combination of both ideas because the first example with this
addition probably still leaves a few ascii control characters that you
need to either escape or throw away, these are all down in the 0-45
range, things like form feeds and backspaces etc.
--
bkw
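
The comparison described in the message above, as an added example that is not part of the original post and is written in Python rather than filePro: it applies the posted blacklist and the three allowlist ranges to every byte value and lists what the blacklist passes through unescaped. The function names and the backslash plus three-digit octal output of the allowlist version are assumptions made for illustration.

```python
# Added example, not code from the post. Function names are hypothetical.
# The blacklist literal is the one from the message, plus chr(92) and chr(34).
BLACKLIST = set("$&+,/:;=?@ <>#%{}|^~[]`'" + chr(92) + chr(34))


def is_allowlisted(code):
    """True for the three contiguous safe blocks: 0-9, A-Z, a-z."""
    return 48 <= code <= 57 or 65 <= code <= 90 or 97 <= code <= 122


def escape_blacklist(text, drop_high=False):
    """First table: backslash-escape blacklisted characters only.
    drop_high=True applies the suggested change that discards anything
    whose character code is not below 127."""
    out = []
    for ch in text:
        if drop_high and ord(ch) >= 127:
            continue
        out.append("\\" + ch if ch in BLACKLIST else ch)
    return "".join(out)


def escape_allowlist(text):
    """Second table: pass the allowlisted ranges, encode everything else.
    Assumption: the encoding is backslash + 3-digit octal."""
    return "".join(
        ch if is_allowlisted(ord(ch)) else "\\%03o" % ord(ch) for ch in text
    )


def unescaped_gap(drop_high=False):
    """Character codes the blacklist emits raw that the allowlist would encode."""
    limit = 127 if drop_high else 256
    return [c for c in range(limit)
            if chr(c) not in BLACKLIST and not is_allowlisted(c)]


if __name__ == "__main__":
    sample = "Robert's golf clubs"  # the string from the question
    print(escape_blacklist(sample))  # the space is escaped too: it is in the list
    print(escape_allowlist(sample))
    gap = unescaped_gap(drop_high=True)
    print("control codes passed raw:", [c for c in gap if c < 32])
    print("printable passed raw:", "".join(chr(c) for c in gap if c >= 32))
```

Run over the full range, this shows all 32 control codes below the space character still pass through the blacklist version unchanged, which is the set to review before reusing the list for SQL text.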