[Dbix-class] Proper way to escape underscores in DBIC (DBI 101, sorry)
apv
apv at sedition.com
Wed Oct 11 19:58:46 CEST 2006
I want/need to escape underscores so that simple searches can't be
"hacked" by users, accidentally or intentionally. The DBI doc shows
this as the way to do it:

    $esc = $dbh->get_info( 14 ); # SQL_SEARCH_PATTERN_ESCAPE
    $search_pattern =~ s/([_%])/$esc$1/g;

Where/how should I do it in (a Catalyst app that's doing) searches with
DBIC? I'm interested in overriding it for *all* user facing searches
since users should only be allowed to supply literal chars.

Thanks!
-Ashley
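
Added example, not part of the original post and not DBI or DBIx::Class code: a helper that escapes the escape character as well as _ and %, compared with the substitution quoted above. The names escape_like and like_match, the backslash fallback and the sample rows are assumptions made for illustration; like_match is a small stand-in for the database's LIKE so the script runs without a connection.

```perl
use strict;
use warnings;

# Escape LIKE metacharacters in user input, including the escape character
# itself, so every character of the input is matched literally.
sub escape_like {
    my ($term, $esc) = @_;
    $esc = '\\' unless defined $esc && length $esc;   # assumed fallback
    $term =~ s/(\Q$esc\E|[_%])/$esc$1/g;
    return ($term, $esc);
}

# Minimal LIKE evaluator so the effect is visible without a database.
sub like_match {
    my ($value, $pattern, $esc) = @_;
    my @chars = split //, $pattern;
    my $re = '';
    while (@chars) {
        my $c = shift @chars;
        if    ($c eq $esc && @chars) { $re .= quotemeta shift @chars }
        elsif ($c eq '%')            { $re .= '.*' }
        elsif ($c eq '_')            { $re .= '.' }
        else                         { $re .= quotemeta $c }
    }
    return $value =~ /\A$re\z/s ? 1 : 0;
}

my $esc  = '\\';                                   # stands in for $dbh->get_info(14)
my @rows = ('a_c', 'abc', 'a\\%c', 'a\\xyzc');     # constructed sample data

for my $input ('a_c', 'a\\%c') {                   # constructed user input
    (my $wild_only = $input) =~ s/([_%])/$esc$1/g; # substitution quoted in the post
    my ($full) = escape_like($input, $esc);
    for my $case (['raw', $input], ['[_%] only', $wild_only], ['escape_like', $full]) {
        my ($label, $pattern) = @$case;
        my @hits = grep { like_match($_, $pattern, $esc) } @rows;
        printf "%-12s %-10s -> %s\n", $label, $pattern, join(', ', @hits);
    }
}
```

Against a real database the escaped term would be passed as a bound value to a LIKE ? ESCAPE ? condition, with the escape character bound as the second value, never interpolated into the SQL string.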