Availability by product:

ADELIA    SADELIA    WADELIA
(I/B)     (B)        (I/B)

Description

Sanitizes the text of a "string"-type parameter that is used to build an SQL query, in order to prevent SQL injection.

 

The function replaces unprintable characters with spaces and doubles the end-of-string delimiters ('). In the current implementation, it also doubles the escape character (\) if the DBMS parameter has the 'MYSQ' value.

 

Syntax

Result = &SQL_SANITIZE(String)

or Result = &SQL_SANITIZE(String;DBMS)

 

Parameters

 

| Parameter | Definition | Content | Controls |
|-----------|------------|---------|----------|
| Result | Alphanumerical variable. | Character string correctly escaped to prevent SQL injection. | |
| String | Alphanumerical variable. | String of characters for which the function is executed. | Mandatory parameter. |
| DBMS | Constant or alphanumerical variable. | Name of the DBMS for which the escaping is performed; the accepted values are those returned by the reserved word *DBMS. | Optional parameter. |

 

NB: if the result field is not long enough, the result is truncated and is potentially invalid.

 

Example

* The real value is My bank
CLIENT_NAME = 'My bank'
QUERY = 'SELECT CCOD_CLI FROM CLIENTS WHERE CNOM_CLI=''' /// &SQL_SANITIZE(CLIENT_NAME) /// ''''
*
* The ' character is duplicated in the query text, which becomes
* SELECT CCOD_CLI FROM CLIENTS WHERE CNOM_CLI='My bank'
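As an added example (Python written for this page, not Adelia code and not part of the original documentation), the functions below model the documented rules, show why the MYSQ variant also doubles the backslash, and add the length check the NB above calls for; the function names are my own choice.

```python
from typing import Optional


def sql_sanitize(text: str, dbms: Optional[str] = None) -> str:
    """Model of the documented rules: unprintable characters become spaces,
    every delimiter ' is doubled, and when DBMS is 'MYSQ' the escape
    character \\ is doubled as well."""
    out = []
    for ch in text:
        if not ch.isprintable():          # tabs, newlines, control characters
            out.append(" ")
        elif ch == "'":
            out.append("''")
        elif ch == "\\" and dbms == "MYSQ":
            out.append("\\\\")
        else:
            out.append(ch)
    return "".join(out)


def build_query(client_name: str, dbms: Optional[str] = None) -> str:
    """Same query as the page's example, with the sanitized value spliced in."""
    return ("SELECT CCOD_CLI FROM CLIENTS WHERE CNOM_CLI='"
            + sql_sanitize(client_name, dbms) + "'")


def fits_result_field(sanitized: str, result_length: int) -> bool:
    """The NB above: a result field shorter than the escaped text truncates
    it, which can leave an unbalanced quote. Check before using the value."""
    return len(sanitized) <= result_length


def mysql_literal_stays_closed(body: str) -> bool:
    """Scan the text between the quotes the way MySQL reads a literal with
    backslash escapes enabled. True if the whole body is consumed as one
    literal; False if a lone ' (or a trailing \\) would break the delimiter."""
    i = 0
    while i < len(body):
        if body[i] == "\\":
            if i + 1 >= len(body):
                return False            # would escape the closing delimiter
            i += 2                      # backslash escapes the next character
        elif body[i] == "'":
            if i + 1 < len(body) and body[i + 1] == "'":
                i += 2                  # '' is a literal quote
            else:
                return False            # a lone ' ends the literal early
        else:
            i += 1
    return True
```

For a constructed value such as a backslash followed by a quote, the non-MYSQ output leaves the quote escaped by the backslash and the doubled quote's second half free to close the literal, which is exactly what doubling the backslash prevents.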

 
