Re: Sanitizing SQL string
- Subject: Re: Sanitizing SQL string
- From: Miguel Arroz <email@hidden>
- Date: Thu, 24 Jan 2008 16:16:46 +0000
Hi!
Didn't know that method, seems to be perfect for what I'm doing.
But just to kill my curiosity... how would I do it manually? I was
doing this:
    ERXEOAccessUtilities.evaluateSQLWithEntityNamed( newContext,
        Contact.ENTITY_NAME,
        "UPDATE contact SET optedOut = true WHERE email = '" +
        User.normalizeEmail(email) + "'" );
normalizeEmail removes spaces, among other things, so that "drop
table user" becomes "droptableuser" and doesn't work. But of course,
it's a secondary effect, the correct way would be to escape the
result of normalizeEmail.
Yours
Miguel Arroz
On 2008/01/24, at 16:10, Chuck Hill wrote:
Can you be more specific on the SQL that you need to generate?
EOF can do much of it for you and Wonder has several options for
such batch operations, for example
ERXEOAccessUtilities.updateRowsDescribedByQualifier
(EOEditingContext ec, String entityName, final EOQualifier
qualifier, final NSDictionary newValues). If you can use something
like that, you can let EOF worry about the strings.
Chuck
On Jan 24, 2008, at 8:03 AM, Miguel Arroz wrote:
Hi!
I need to do an SQL query to do a batch operation on the DB (yes
yes, I know, but trust me, I know what I'm doing).
Usually I only have to deal with PKs and integers and so, but on
this specific query I have to handle a text string match (i.e.,
UPDATE blabla WHERE something = 'myText' ). How do I properly
sanitize the string (and escape it and whatever) before sending it
to the SQL query? I'm trying to avoid this:
<http://farm3.static.flickr.com/2160/1619915433_fdca91a23e.jpg>.
Yours
Miguel Arroz
Miguel Arroz
http://www.terminalapp.net
http://www.ipragma.com
--
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems.
http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Miguel Arroz
http://www.terminalapp.net
http://www.ipragma.com
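
Added example, not part of the original thread or of Project Wonder: the concatenated UPDATE from the message above next to the same statement with a bind parameter, run against constructed inputs to show what stripping spaces does and does not prevent. Python's sqlite3 stands in for the poster's Java code and database, normalize_email is a hypothetical stand-in for User.normalizeEmail, and the table rows are constructed sample data.

```python
import sqlite3

# Constructed sample rows; one legitimate address contains an apostrophe.
ROWS = [("alice@example.com",), ("bob@example.com",), ("o'brien@example.com",)]

def normalize_email(email):
    # Hypothetical stand-in for User.normalizeEmail: the post only says it
    # removes spaces "among other things"; here: strip whitespace, lowercase.
    return "".join(email.split()).lower()

def fresh_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contact (email TEXT, optedOut INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO contact (email) VALUES (?)", ROWS)
    return db

def opt_out_concatenated(db, email):
    # Pattern from the post: the value is spliced into the SQL text, so any
    # quote character in it is parsed as SQL syntax.
    sql = ("UPDATE contact SET optedOut = 1 WHERE email = '"
           + normalize_email(email) + "'")
    return db.execute(sql).rowcount

def opt_out_bound(db, email):
    # Bind parameter: the statement text is fixed and the value is passed
    # separately, so it is only ever compared as data.
    sql = "UPDATE contact SET optedOut = 1 WHERE email = ?"
    return db.execute(sql, (normalize_email(email),)).rowcount

def rows_changed(update, email):
    """Run one update on a fresh table; return rows changed or the error name."""
    db = fresh_db()
    try:
        return update(db, email)
    except sqlite3.Error as exc:
        return type(exc).__name__

if __name__ == "__main__":
    # Constructed inputs: a plain address, a legitimate address with an
    # apostrophe, and a value whose quotes survive space removal.
    for value in ("bob@example.com", "o'brien@example.com", "x' OR '1'='1"):
        print(repr(value),
              "concatenated:", rows_changed(opt_out_concatenated, value),
              "bound:", rows_changed(opt_out_bound, value))
```

With the space-stripped third input the concatenated form still updates every row, and the apostrophe in a legitimate address makes it fail outright; the bound form changes only the matching row in each case.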