| Subject | Re: [IBO] Escape |
|---|---|
| Author | Helen Borrie |
| Post date | 2003-06-08T01:07:16Z |
At 09:05 PM 6/06/2003 -0400, you wrote:
single-quote (') and, with older IB versions, double-quote ("), because of
their syntactic role as string delimiters. Both SQL and Delphi provide
for you to escape the single-quote by adding an extra single-quote before
it. Delphi will do that work for you, provided you pick up the text as a
string variable and use the QuotedStr( ) function to "morph" it.
You'll have to do this in your code if you are using the
TDataset-compatible data access. The TIB_Datasource does it for you for
the native IBO components; but you'll need to use QuotedStr( ) if you are
collecting user input via non-data-aware input controls or other containers
not linked to an ib_datasource.
There won't be any problem with "/" in a string unless you are feeding the
text into a non-character column, which doesn't appear to be the case
here. I don't recall it causing problems in Delphi but, if it does,
QuotedStr( ) should take care of it, since its job is to respect every
character inside the string as a character and provide the necessary escaping.
It's a long time since I used an old IB version (where double and single
quotes were interchangeable as string delimiters) so I'm not certain
whether native IBO does the right thing with them when parsing strings. It
certainly does for Firebird. QuotedStr( ) will take care of them, in any case.
FB/IB doesn't otherwise natively provide for or accept any escaping. So,
for example, if your app needs to store non-printable characters, you will
have to pass a UDF call to ascii_char( ) in your SQL (or do some other
nudge tricks on the server side in Before Insert/Update triggers).
Helen
>If available, would like a pointer to a standard Escape function that allowsThe only characters that you will have problems with in character types are
>use of ' and / in the content of insert and update queries, so that users
>can type ' and / in plain text for input, and other users can expect to see
>these characters correctly rendered in other queries.
single-quote (') and, with older IB versions, double-quote ("), because of
their syntactic role as string delimiters. Both SQL and Delphi provide
for you to escape the single-quote by adding an extra single-quote before
it. Delphi will do that work for you, provided you pick up the text as a
string variable and use the QuotedStr( ) function to "morph" it.
You'll have to do this in your code if you are using the
TDataset-compatible data access. The TIB_Datasource does it for you for
the native IBO components; but you'll need to use QuotedStr( ) if you are
collecting user input via non-data-aware input controls or other containers
not linked to an ib_datasource.
There won't be any problem with "/" in a string unless you are feeding the
text into a non-character column, which doesn't appear to be the case
here. I don't recall it causing problems in Delphi but, if it does,
QuotedStr( ) should take care of it, since its job is to respect every
character inside the string as a character and provide the necessary escaping.
It's a long time since I used an old IB version (where double and single
quotes were interchangeable as string delimiters) so I'm not certain
whether native IBO does the right thing with them when parsing strings. It
certainly does for Firebird. QuotedStr( ) will take care of them, in any case.
FB/IB doesn't otherwise natively provide for or accept any escaping. So,
for example, if your app needs to store non-printable characters, you will
have to pass a UDF call to ascii_char( ) in your SQL (or do some other
nudge tricks on the server side in Before Insert/Update triggers).
Helen