NaviServer - programmable web server
4.99  5.0

[ Main Table Of Contents | Table Of Contents | Keyword Index ]

ns_dbquotevalues(n) 5.0.0a nsdb "NaviServer Module Commands"

Name

ns_dbquotevalues - Quote database names and values

Table Of Contents

Synopsis

Description

These commands are used to construct SQL statements, making sure that Tcl values are properly quoted depending on position: names or values.

COMMANDS

ns_dbquotevalue value ?type?

Prepare the string value for inclusion in an SQL statement. If value is "", ns_dbquotevalue will return the string "NULL". If value is not "", the returned value depends on type.

If type is one of: bigint, bit, decimal, double, float, int, integer, numeric, real, smallint, or tinyint, then value will be returned without modification. When type is any other string, or if type is omitted, value will be surrounded by single quotes, and any single quotes that it contains will be escaped by translation into two single quotes.

ns_dbquotelist list ?type?

Prepare the provided list for inclusion in an SQL statement. The command calls essentially ns_dbquotevalue for every element of the list and combined the result with a comma.

ns_quotelisttolist string

Transform a string with single quoted elements into a proper Tcl list. In this step, remove space, backslash and single quote characters in the given string.

ns_dbquotename name

Surround name with double quotes if it contains a space. The resulting name can then be used in SQL statements for names of database objects such as tables or columns.

EXAMPLES

 % ns_dbquotevalue ""
 NULL
 % ns_dbquotevalue 45.3 float
 45.3
 % ns_dbquotevalue "John's Car"
 'John''s Car'
 % set company "John's Cheese Factory"
 % ns_db dml $db "INSERT INTO companies (name) VALUES ([ns_dbquotevalue $company])"
 % ns_dbquotevalue "Column Name"
 'Column Name'

See Also

ns_db

Keywords

SQL, database, escape, quote