Converts the supplied Rexx value(s) into SQL literals. This method is useful to help construct SQL statements. The
specified Rexx object(s) are converted to SQL literals by adding single quotes to the beginning and end of the string
value of the object, escaping single quotes within the string value of the object, and changing the
.nil object to SQL NULL.
| Arguments: |
The single argument is:
| values [optional] |
A Rexx object, or an array of Rexx objects, to be converted to SQL literals. If this argument is omitted then
NULLis returned.
|
|
| Return value: |
The string value of the specified object(s) as a SQL literal, or a comma separated list, of SQL literals.
|
| Remarks: |
Theenquotemethods accepts a single argument,values. Ifvaluesis an array whosesizeis N, then each item at index 1 through N is converted to a SQL literal. Any index 1
through N that is not assigned an item is converted to SQL NULL. Likewise, if an item 1 through N is the
.nilobject, that item is converted to SQL NULL. All other items are converted to
the string value of the item, with a single quote added to the front and end of the string. If the string value
contains any single quotes, those single quotes are escaped. If N is greater than 1, then each converted value is
added to the returned string with a comma used as a separator.
Ifvaluesis not an array, then it is taken to be a single value to be converted,
and is converted in the same manner as a single item in an array is converted, as described above. This implies that
ifvaluesis omitted altogether, it is converted to SQL NULL.
|
| Details |
The functionality of theenquotemethod is similar to that of the SQLite
sqlite3_mprintf API.
|
| Example: |
This example shows how theenquotemethod can be used to create SQL INSERT
statements that are not prone to SQL Injection flaws:
| r1 = .array~new(4) |
| r1[1] = "Tom" |
| r1[2] = "Hanks" |
| r1[4] = "male" |
|
| r2 = .array~of("Mike", , "555-9988", .nil) |
|
| sql1 = "INSERT INTO my_table (fName, lName, phone, gender) VALUES("ooSQLite~enquote(r1)");" |
| sql2 = "INSERT INTO my_table (fName, lName, phone, gender) VALUES("ooSQLite~enquote(r2)");" |
|
| say sql1 |
| say sql2 |
|
| /* Output would be: |
|
| INSERT INTO my_table (fName, lName, phone, gender) VALUES('Tom', 'Hanks', NULL, 'male'); |
| INSERT INTO my_table (fName, lName, phone, gender) VALUES('Mike', NULL, '555-9988', NULL); |
|
| */
|
This example shows a conversion for a single string that has an apostrophe within it:
| str = "It's a happy day!" |
| say .ooSQLite~Enquote(str) |
|
| /* Output would be: |
|
| 'It''s a happy day!' |
|
| */
|
|
