Menu
▾
▴
[NetScript CVS] CVS: netscript2/src/perl/NetScript/Libraries DatabaseLibrary.pm,1.2,1.3
|
From: Jan T. <de...@us...> - 2002-09-24 22:40:08
|
Update of /cvsroot/net-script/netscript2/src/perl/NetScript/Libraries
In directory usw-pr-cvs1:/tmp/cvs-serv28016
Modified Files:
DatabaseLibrary.pm
Log Message:
* added SQL-escaping library function
Index: DatabaseLibrary.pm
===================================================================
RCS file: /cvsroot/net-script/netscript2/src/perl/NetScript/Libraries/DatabaseLibrary.pm,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** DatabaseLibrary.pm 21 Aug 2002 10:34:44 -0000 1.2
--- DatabaseLibrary.pm 24 Sep 2002 22:40:05 -0000 1.3
***************
*** 78,82 ****
# </example>
# </pre>
! #
# @note The database Library requires the DBI-Module.
#*/
--- 78,86 ----
# </example>
# </pre>
! # This library also offers a function for escaping strings
! # (which is useful if you want to put user put into SQL-statements.).
! # <pre>
! # sql[any string here] - escapes the given string (SQL-escape)
! # </pre>
# @note The database Library requires the DBI-Module.
#*/
***************
*** 116,119 ****
--- 120,126 ----
# create event listeners for all events
+ # register the SQL-escape function
+ $this -> interpreter() -> getStatementEvaluator() ->
+ registerLibraryFunction( "sql", $this, "escapeSQL" );
my $eventListener1 = NetScript::Engine::EventListener -> new();
***************
*** 358,361 ****
--- 365,380 ----
}
return 1; # do not consume event
+ }
+
+
+ #/**
+ # Escapes the given string as an SQL-String. This mainly escapes backslashes
+ # and single quotes.
+ #*/
+ sub escapeSQL {
+ my ( $this , $string ) = @_;
+ $string =~ s/\\/\\\\/g;
+ $string =~ s/'/\\'/g;
+ return $string;
}
|
