[Dbix-class] Proper way to escape underscores in DBIC (DBI 101, sorry)
Ash Berlin
ash at cpan.org
Fri Oct 13 14:36:38 CEST 2006
Jules Bean wrote:
> apv wrote:
>
>> I want/need to escape underscores so that simple searches can't be
>> "hacked" by users, accidentally or intentionally. The DBI doc shows
>> this as the way to do it:
>>
>> $esc = $dbh->get_info( 14 ); # SQL_SEARCH_PATTERN_ESCAPE
>> $search_pattern =~ s/([_%])/$esc$1/g;
>>
>> Where/how should I do it in (a Catalyst app that's doing) searches with
>> DBIC? I'm interested in overriding it for *all* user facing searches
>> since users should only be allowed to supply literal chars.
>>
>>
>
>
> Don't use LIKE?
>
> _% are only special in the context of a LIKE query.
>
> Jules
cf. 'search' and 'search_like'
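
The following is an added example, not part of the original thread. It compares the substitution quoted above with a variant that also escapes the escape character itself, using input that already contains that character. The backslash escape character, the `like_match` helper (a small Perl stand-in for SQL `LIKE`) and all sample values are assumptions made for the demonstration.

```perl
use strict;
use warnings;

# The substitution quoted above: escapes only the two wildcards.
sub escape_like_naive {
    my ($text, $esc) = @_;
    $text =~ s/([_%])/$esc$1/g;
    return $text;
}

# Also escapes the escape character, so user input cannot cancel our escaping.
sub escape_like {
    my ($text, $esc) = @_;
    $text =~ s/(\Q$esc\E|[_%])/$esc$1/g;
    return $text;
}

# Hypothetical helper: evaluate "value LIKE pattern" in Perl for the demo.
sub like_match {
    my ($value, $pattern, $esc) = @_;
    my @chars = split //, $pattern;
    my $re = '';
    while (@chars) {
        my $c = shift @chars;
        if    ($c eq $esc && @chars) { $re .= quotemeta(shift @chars) }
        elsif ($c eq '%')            { $re .= '.*' }
        elsif ($c eq '_')            { $re .= '.' }
        else                         { $re .= quotemeta($c) }
    }
    return $value =~ /\A$re\z/s ? 1 : 0;
}

my $esc   = '\\';          # assumed; normally $dbh->get_info(14)
my $input = '\\%';         # constructed user input: backslash, percent
my @rows  = ('\\%', '\\secret', 'other');   # constructed column values

for my $row (@rows) {
    printf "%-8s naive=%d full=%d\n", $row,
        like_match($row, escape_like_naive($input, $esc), $esc),
        like_match($row, escape_like($input, $esc), $esc);
}
```

Escaping is only needed on the `LIKE` path (`search_like`); a plain `search` compares for equality, where `_` and `%` have no special meaning.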