ADELIA | SADELIA | WADELIA | EADELIA
(I/B) | (B) | (I/B) | (B)
Description
Sanitizes the text of a string-type parameter that is used to build a SQL query, in order to prevent SQL injection.
The function replaces unprintable characters with spaces and doubles the string delimiter character ('). In the current implementation, it also doubles the escape character (\) when the DBMS parameter has the value 'MYSQ'.
Syntax
Result = &SQL_SANITIZE(String)
or Result = &SQL_SANITIZE(String;DBMS)
Parameters
Parameter | Definition | Content | Controls
Result | Alphanumerical variable. | Character string correctly escaped to prevent SQL injection. |
String | Alphanumerical variable. | String of characters for which the function is executed. | Mandatory parameter.
DBMS | Constant or alphanumerical variable. | Name of the DBMS for which the escaping is performed; the accepted values are those returned by the reserved word *DBMS. | Optional parameter.
NB: if the result field is not long enough, the result obtained is truncated and potentially invalid.
Example
* The CUSTOMER_NAME variable contains the value Paul's workshop
QUERY= 'SELECT CCUST_COD FROM CUSTOMERS WHERE CCUST_NAME=''' /// &SQL_SANITIZE(CUSTOMER_NAME) /// ''''
*
* The ' character is duplicated in the query text, which becomes
* SELECT CCUST_COD FROM CUSTOMERS WHERE CCUST_NAME='Paul''s workshop'
©Hardis Group 2025 - Any partial or total reproduction of the content, not expressly authorized by Hardis Group, is strictly prohibited.