Alternative to encode_sql that also escapes % and _ so that the resulting string can be safely used when building SQL queries with LIKE clauses.
See Bil Corry's talk from LDC Chicago 2008: All Your Base Are Belong To Us
Only needed when dealing with SQL queries using LIKE statements (or any of the other pattern-matching queries that recognize "%" and "_").
Parameters
none
Sample Usage
var(sql = 'SELECT *
FROM mydb.mytable
WHERE
myfield LIKE "' + encode_sqlfull(action_param('myvalue')) + '%"')
Source Code
Click the "Download" button below to retrieve a copy of this tag,
including the complete documentation and sample usage shown
on this page. Place the downloaded ".inc" file in your
LassoStartup folder, restart Lasso, and you can begin using this
tag immediately.
<?LassoScript
/**!
encode_sqlfull
Alternative to encode_sql that also escapes % and _ so that the resulting string can be safely used when building SQL queries with LIKE clauses.
See Bil Corry's talk from LDC Chicago 2008: All Your Base Are Belong To Us
2011-08-31 JC First version
**/
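define string -> encodesql_full()::string => {
	// Work on a copy of the string
	local(text = string(self))
	// Backslash-escape quotes and backslashes; '\0' is replaced with a literal backslash-zero
	#text -> replace(regexp(`(["'\\])`), `\\\1`) & replace('\0', `\0`)
	// Escape the LIKE wildcards last, so the backslashes added here are not doubled by the step above
	#text -> replace(`%`, `\%`)
	#text -> replace(`_`, `\_`)
	return #text
}
// Unbound wrapper so the tag can be called as encode_sqlfull(string)
define encode_sqlfull(text::string) => #text -> encodesql_full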
?>
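Why the extra escaping of % and _ matters, shown as an added example that is not part of the original tag: it uses Python's sqlite3 with bound parameters instead of Lasso, and the helper names (escape_like, search_unescaped, search_escaped) and the sample rows are constructed for illustration. SQLite has no default LIKE escape character, so the query names backslash explicitly with an ESCAPE clause.

```python
import sqlite3

ESC = "\\"  # LIKE escape character, the same one the tag above emits

def escape_like(term: str) -> str:
    """Escape the escape character first, then the % and _ wildcards."""
    return (term.replace(ESC, ESC + ESC)
                .replace("%", ESC + "%")
                .replace("_", ESC + "_"))

def make_db() -> sqlite3.Connection:
    """In-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mytable (myfield TEXT)")
    rows = ["50%_off", "50 percent", "500 items", "a_b", "axb"]
    db.executemany("INSERT INTO mytable VALUES (?)", [(r,) for r in rows])
    return db

def search_unescaped(db: sqlite3.Connection, term: str) -> list:
    """Prefix search with a bound value: no quote injection is possible,
    but % and _ in the term still act as wildcards."""
    sql = "SELECT myfield FROM mytable WHERE myfield LIKE ? ORDER BY myfield"
    return [r[0] for r in db.execute(sql, (term + "%",))]

def search_escaped(db: sqlite3.Connection, term: str) -> list:
    """Same search, with wildcards in the term matched literally."""
    sql = ("SELECT myfield FROM mytable "
           "WHERE myfield LIKE ? ESCAPE '\\' ORDER BY myfield")
    return [r[0] for r in db.execute(sql, (escape_like(term) + "%",))]

if __name__ == "__main__":
    db = make_db()
    for term in ("50%", "a_", "%"):
        print(repr(term), search_unescaped(db, term), search_escaped(db, term))
```

A search term of just "%" returns every row in the unescaped version and nothing in the escaped one, which is the difference the tag exists to enforce.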