[Dbix-class] Proper way to escape underscores in DBIC (DBI 101, sorry)

apv apv at sedition.com
Fri Oct 13 20:42:20 CEST 2006


Oh... wait, I think I was looking at the wrong piece of code.

D'oh. Sorry!

-Ashley

On Friday, Oct 13, 2006, at 11:37 US/Pacific, apv wrote:

> The behavior happens on ->search(); on mysql anyway.
>
> On Friday, Oct 13, 2006, at 11:15 US/Pacific, Matt S Trout wrote:
>
>>
>> On 13 Oct 2006, at 13:36, Ash Berlin wrote:
>>
>>> Jules Bean wrote:
>>>> apv wrote:
>>>>
>>>>> I want/need to escape underscores so that simple searches can't be
>>>>> "hacked" by users, accidentally or intentionally. The DBI doc shows
>>>>> this as the way to do it:
>>>>>
>>>>>    $esc = $dbh->get_info( 14 );  # SQL_SEARCH_PATTERN_ESCAPE
>>>>>    $search_pattern =~ s/([_%])/$esc$1/g;
>>>>>
>>>>> Where/how should I do it in (a Catalyst app that's doing) searches with
>>>>> DBIC? I'm interested in overriding it for *all* user facing searches
>>>>> since users should only be allowed to supply literal chars.
>>>>>
>>>>>
>>>>
>>>>
>>>> Don't use LIKE?
>>>>
>>>> _% are only special in the context of a LIKE query.
>>>>
>>>> Jules
>>> cf. 'search' and 'search_like'
>>>
>>
>> search_like considered harmful.
>>
>> -- 
>> Matt S Trout, Technical Director, Shadowcat Systems Ltd.
>> Offering custom development, consultancy and support contracts for Catalyst,
>> DBIx::Class and BAST. Contact mst (at) shadowcatsystems.co.uk for details.
>> + Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
>>
>>
>>
>> _______________________________________________
>> List: http://lists.rawmode.org/cgi-bin/mailman/listinfo/dbix-class
>> Wiki: http://dbix-class.shadowcatsystems.co.uk/
>> IRC: irc.perl.org#dbix-class
>> SVN: http://dev.catalyst.perl.org/repos/bast/trunk/DBIx-Class/
>> Searchable Archive: http://www.mail-archive.com/dbix-class@lists.rawmode.org/
>>
>>
>>
>
>
> -Ashley
> -- 
> http://sedition.com · http://sedition.com/ddx
> http://querylog.com · http://ashleypond.com/v
>


-Ashley
-- 
http://sedition.com · http://sedition.com/ddx
http://querylog.com · http://ashleypond.com/v
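
The escaping asked about in the quoted question, as an added example that is not part of the thread and not DBI's or DBIx::Class's own code: plain DBI against an in-memory SQLite database (assumes DBD::SQLite is installed). The table, its rows, the `!` escape character and the helper names `escape_like` and `find_containing` are constructed for illustration. Unlike the quoted two-liner, it also escapes the escape character itself and names it in an explicit `ESCAPE` clause rather than relying on a database default.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Assumes DBD::SQLite is installed.
# Table, rows and helper names are constructed for illustration.
use strict;
use warnings;
use DBI;

my $ESC = '!';    # assumption: escape character chosen for this example

# Make user input match literally inside a LIKE pattern. The escape
# character is escaped as well, so input containing it cannot cancel
# the escaping of a following wildcard.
sub escape_like {
    my ($term, $esc) = @_;
    $term =~ s/([_%\Q$esc\E])/$esc$1/g;
    return $term;
}

# Substring search; $literal selects escaped (safe) or raw (naive) input.
sub find_containing {
    my ($dbh, $term, $literal) = @_;
    $term = escape_like($term, $ESC) if $literal;
    return $dbh->selectcol_arrayref(
        "SELECT name FROM item WHERE name LIKE ? ESCAPE '$ESC' ORDER BY name",
        undef, "%$term%");
}

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE item (name TEXT)');
my $ins = $dbh->prepare('INSERT INTO item (name) VALUES (?)');
$ins->execute($_) for ('a_b', 'axb', 'a%b', '100%', '100!');   # constructed rows

# Compare raw and escaped handling of inputs containing _, % and the
# escape character itself.
for my $input ('a_b', '%', '100!') {
    for my $literal (0, 1) {
        my $rows = find_containing($dbh, $input, $literal);
        printf "%-5s %-8s -> %s\n", $input,
            ($literal ? 'escaped' : 'raw'), join(', ', @$rows);
    }
}
```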
