ooSQLiteEnquote



Converts the supplied Rexx value(s) into SQL literals. This function is useful to help construct SQL statements. The specified Rexx object(s) are converted to SQL literals by adding single quotes to the beginning and end of the string value of the object, escaping single quotes within the string value of the object, and changing the .nil object to SQL NULL.

Arguments: The single argument is:
values [optional] A Rexx object, or an array-like stem of Rexx objects, to be converted to SQL literals. If this argument is omitted then NULL is returned.
Return value: The string value of the specified object(s) as a SQL literal, or a comma separated list of SQL literals.
Remarks: The ooSQLiteEnquote function accepts a single argument, values. If values is a stem, then it must be a stem containing tails that are positive whole number indexes. The stem can contain tails 1 through N, where N is the count of values to convert, and must contain the tail 0 whose value is N.

Any tail 1 through N that is not assigned a value is converted to SQL NULL. Any tail 1 through N whose assigned value is the .nil object is also converted to SQL NULL. For all other tails 1 through N, the value assigned to the tail is converted to a string enclosed in single quotes. If the string contains single quotes, those single quotes are escaped. If the stem contains any tails other than 0 through N, those tails are ignored. If N is greater than 1, then each converted value is added to the string with a comma used as a separator.

If values is not a stem, then it is taken to be a single value to be converted, and is converted in the same manner as a single tail of a stem is converted, as described above. This implies that if values is omitted altogether, it is converted to SQL NULL.
Details: The functionality of the ooSQLiteEnquote function is similar to that of the sqlite3_mprintf SQLite API.
Example: This example shows how the enquote function can be used to create SQL INSERT statements that are not prone to SQL injection flaws:
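r1.0 = 4            /* tail 0 holds N, the count of values */
r1.1 = "Tom"
r1.2 = "Hanks"
                    /* r1.3 is not assigned, so it becomes SQL NULL */
r1.4 = "male"
r2.0 = 4
r2.1 = "Mike"
                    /* r2.2 is not assigned, so it becomes SQL NULL */
r2.3 = "555-9988"
r2.4 = .nil         /* .nil is also converted to SQL NULL */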
sql1 = "INSERT INTO my_table (fName, lName, phone, gender) VALUES("ooSQLiteEnquote(r1.)");"
sql2 = "INSERT INTO my_table (fName, lName, phone, gender) VALUES("ooSQLiteEnquote(r2.)");"
say sql1
say sql2
/* Output would be:
INSERT INTO my_table (fName, lName, phone, gender) VALUES('Tom', 'Hanks', NULL, 'male');
INSERT INTO my_table (fName, lName, phone, gender) VALUES('Mike', NULL, '555-9988', NULL);
*/
This example shows a conversion for a single string that has an apostrophe within it:
str = "It's a happy day!"
say ooSQLiteEnquote(str)
/* Output would be:
'It''s a happy day!'
*/
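
The conversion rules from the Remarks, modelled in Python as an added example (this is not ooSQLite's code and not part of the original documentation). A dict stands in for a Rexx stem and `None` for `.nil`; the names `enquote_model`, `round_trip` and `SAMPLE` are hypothetical. The built statement is run against an in-memory SQLite database to confirm that a constructed hostile value is stored as data.

```python
import sqlite3

NIL = None  # stands in for the Rexx .nil object (assumption of this model)

def enquote_model(values=NIL):
    """Model of the documented rules. `values` is a single value, or a dict
    standing in for a stem: {tail: value}, where tail 0 holds the count N."""
    def literal(v):
        if v is NIL:
            return "NULL"                       # .nil, unassigned or omitted
        return "'" + str(v).replace("'", "''") + "'"   # double embedded quotes
    if not isinstance(values, dict):
        return literal(values)
    n = int(values[0])                          # tail 0 is mandatory
    # Only tails 1..N are read; any other tail is ignored.
    return ", ".join(literal(values.get(i, NIL)) for i in range(1, n + 1))

def round_trip(values):
    """Build the INSERT from the page's example, run it, and read the row back."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE my_table (fName, lName, phone, gender)")
    sql = ("INSERT INTO my_table (fName, lName, phone, gender) VALUES("
           + enquote_model(values) + ");")
    # executescript() would run every statement in the text, so an unescaped
    # quote would show up here as a second statement or a syntax error.
    con.executescript(sql)
    rows = con.execute("SELECT * FROM my_table").fetchall()
    con.close()
    return sql, rows

# Constructed sample: tail 2 unassigned, tail 4 is .nil, tail 9 lies outside 1..N.
SAMPLE = {0: 4, 1: "O'Brien'); DROP TABLE my_table; --",
          3: "555-9988", 4: NIL, 9: "ignored"}

if __name__ == "__main__":
    sql, rows = round_trip(SAMPLE)
    print(sql)
    print(rows)
```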