UPDATE table and quote in a text

Trevor DeVore lists at mangomultimedia.com
Sun Feb 17 21:56:36 EST 2008 

On Feb 17, 2008, at 5:23 PM, Horst wrote:
> I know, the easiest way would be to encode the data with  
> base64encode. But
> there must also be a way to  save a text f.e. like 1234'5'6öä'ioup"#  
> in a
> varchar or text type. With base64encode it will f.e. not be possible  
> to use
> the "fulltext" indexing, which I will need. No, there must be  
> another way.
> SQL is not that silly and I learned, that RR is a a powerfull tool,  
> if you
> (or someone else) knows the "tricks". Once again the question: How  
> to save
> any text via RR to a SQL-Table as described before.


Hi Horst,

You can definitely insert any text into a database using Rev as long  
as you cleanse the input first. I've attached a modified handler from  
libDatabase that you can use to escape strings you want to use in an  
UPDATE clause.

SQLite only requires for single quote to be escaped. MySQL has a  
slightly more complex escape sequence as does PostGreSQL. I haven't  
tested the postgresql code myself but I based the code off of some  
docs I found somewhere.

Here is an example of how you could use it:

...
put escapeStringForSQL("mysql", the text of field "UserSuppliedData")  
into theData
put format("UPDATE my_table SET user_data = '%s' WHERE ID = %u",  
theData, theID) into theSQL
....


Regards,

-- 
Trevor DeVore
Blue Mango Learning Systems
www.bluemangolearning.com    -    www.screensteps.com



function escapeStringForSQL pDBType, pString
     switch pDBType
         case "mysql"
             replace numtochar(92) with numtochar(92) & numtochar(92)  
in pString --> \ to \\
             replace numtochar(39) with numtochar(92) & numtochar(39)  
in pString --> ' to \'
             replace numtochar(34) with numtochar(92) & numtochar(34)  
in pString --> " to \"
             replace numtochar(0) with numtochar(92) & numtochar(48)  
in pString --> NULL to \0
             replace numtochar(26) with numtochar(92) & numtochar(90)  
in pString --> Control-Z to \Z
             replace numtochar(10) with numtochar(92) & numtochar(110)  
in pString --> newline to \n
             replace numtochar(13) with numtochar(92) & numtochar(114)  
in pString --> carriage return to \r
             replace numtochar(9) with numtochar(92) & numtochar(116)  
in pString --> tab to \t
             replace numtochar(8) with numtochar(92) & numtochar(98)  
in pString --> backspace to \b
             break
         case "postgresql"
             replace numtochar(92) with numtochar(92) & numtochar(92)  
in pString --> \ to \\
             replace numtochar(39) with numtochar(39) & numtochar(39)  
in pString --> ' to ''
             replace numtochar(12) with numtochar(92) & numtochar(102)  
in pString --> formfeed to \f
             replace numtochar(10) with numtochar(92) & numtochar(110)  
in pString --> newline to \n
             replace numtochar(13) with numtochar(92) & numtochar(114)  
in pString --> carriage return to \r
             replace numtochar(9) with numtochar(92) & numtochar(116)  
in pString --> tab to \t
             replace numtochar(8) with numtochar(92) & numtochar(98)  
in pString --> backspace to \b
             break
         case "sqlite"
         default
             replace numtochar(39) with numtochar(39) & numtochar(39)  
in pString --> ' to ''
             break
     end SWITCH
end lib escapeStringForSQL

More information about the use-livecode mailing list