[Dbix-class] Proper way to escape underscores in DBIC (DBI 101, sorry)
apv
apv at sedition.com
Fri Oct 13 20:37:09 CEST 2006
The behavior happens on ->search(); on mysql anyway.
On Friday, Oct 13, 2006, at 11:15 US/Pacific, Matt S Trout wrote:
>
> On 13 Oct 2006, at 13:36, Ash Berlin wrote:
>
>> Jules Bean wrote:
>>> apv wrote:
>>>
>>>> I want/need to escape underscores so that simple searches can't be
>>>> "hacked" by users, accidentally or intentionally. The DBI doc shows
>>>> this as the way to do it:
>>>>
>>>> $esc = $dbh->get_info( 14 ); # SQL_SEARCH_PATTERN_ESCAPE
>>>> $search_pattern =~ s/([_%])/$esc$1/g;
>>>>
>>>> Where/how should I do it in (a Catalyst app that's doing)
>>>> searches with
>>>> DBIC? I'm interested in overriding it for *all* user facing searches
>>>> since users should only be allowed to supply literal chars.
>>>>
>>>>
>>>
>>>
>>> Don't use LIKE?
>>>
>>> _% are only special in the context of a LIKE query.
>>>
>>> Jules
>> c.f 'search' and 'search_like'
>>
>
> search_like considered harmful.
>
> --
> Matt S Trout, Technical Director, Shadowcat Systems Ltd.
> Offering custom development, consultancy and support contracts for
> Catalyst,
> DBIx::Class and BAST. Contact mst (at) shadowcatsystems.co.uk for
> details.
> + Help us build a better perl ORM: http://dbix-
> class.shadowcatsystems.co.uk/ +
>
>
>
> _______________________________________________
> List: http://lists.rawmode.org/cgi-bin/mailman/listinfo/dbix-class
> Wiki: http://dbix-class.shadowcatsystems.co.uk/
> IRC: irc.perl.org#dbix-class
> SVN: http://dev.catalyst.perl.org/repos/bast/trunk/DBIx-Class/
> Searchable Archive:
> http://www.mail-archive.com/dbix-class@lists.rawmode.org/
>
>
>
-Ashley
--
http://sedition.com · http://sedition.com/ddx
http://querylog.com · http://ashleypond.com/v
More information about the Dbix-class
mailing list