[Dbix-class] Proper way to escape underscores in DBIC (DBI 101, sorry)
Jules Bean
jules at jellybean.co.uk
Fri Oct 13 13:44:31 CEST 2006
apv wrote:
> I want/need to escape underscores so that simple searches can't be
> "hacked" by users, accidentally or intentionally. The DBI doc shows
> this as the way to do it:
>
> $esc = $dbh->get_info( 14 ); # SQL_SEARCH_PATTERN_ESCAPE
> $search_pattern =~ s/([_%])/$esc$1/g;
>
> Where/how should I do it in (a Catalyst app that's doing) searches with
> DBIC? I'm interested in overriding it for *all* user facing searches
> since users should only be allowed to supply literal chars.
>
Don't use LIKE?
_% are only special in the context of a LIKE query.
Jules
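
An added example, not part of the original thread: plain DBI against an in-memory SQLite database, comparing a raw LIKE bind, an escaped LIKE with an explicit ESCAPE clause, and the `=` comparison suggested in the reply. It assumes DBD::SQLite is installed; the `item` table, its rows, the `escape_like` and `names` helpers and the `!` escape character are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Escape character chosen for this example (an assumption). It is declared to
# the database with an explicit ESCAPE clause instead of get_info(14).
my $ESC = '!';

# Make user input literal inside a LIKE pattern. The escape character itself
# is escaped as well, which the s/([_%])/$esc$1/ substitution alone does not do.
sub escape_like {
    my ($text) = @_;
    (my $out = $text) =~ s/([\Q$ESC\E%_])/$ESC$1/g;
    return $out;
}

# Constructed sample data.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE item (name TEXT)');
$dbh->do('INSERT INTO item (name) VALUES (?)', undef, $_)
    for qw(a_b axb 100% 100x);

# Run a query with bind values and return the matching names, sorted.
sub names {
    my ($sql, @bind) = @_;
    return join ',', sort @{ $dbh->selectcol_arrayref($sql, undef, @bind) };
}

my $like     = 'SELECT name FROM item WHERE name LIKE ?';
my $like_esc = "SELECT name FROM item WHERE name LIKE ? ESCAPE '$ESC'";
my $equal    = 'SELECT name FROM item WHERE name = ?';

# Bind parameters stop SQL injection, but "_" and "%" in the bound value
# still act as wildcards inside LIKE.
printf "%-22s %s\n", 'raw LIKE a_b:', names($like, 'a_b');

# Escaped input is matched literally.
printf "%-22s %s\n", 'escaped LIKE a_b:', names($like_esc, escape_like('a_b'));

# Substring search: the application adds the wildcards, the user part is escaped.
printf "%-22s %s\n", 'contains 0%:',
    names($like_esc, '%' . escape_like('0%') . '%');

# Exact match with "=": "_" and "%" have no special meaning, nothing to escape.
printf "%-22s %s\n", 'equals a_b:', names($equal, 'a_b');
```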