ns_dbquotevalues - Quote database names and values
These commands are used to construct SQL statements, making sure that Tcl values are properly quoted depending on position: names or values.
Prepare the string value for inclusion in an SQL statement. If value is "", ns_dbquotevalue will return the string "NULL". If value is not "", the returned value depends on type.
If type is one of: bigint, bit, decimal, double, float, int, integer, numeric, real, smallint, or tinyint, then value will be returned without modification. When type is any other string, or if type is omitted, value will be surrounded by single quotes, and any single quotes that it contains will be escaped by translation into two single quotes.
Prepare the provided list for inclusion in an SQL statement. The command calls essentially ns_dbquotevalue for every element of the list and combined the result with a comma.
Transform value with single quoted elements into a proper Tcl list. In this step, remove space, backslash and single quote characters in the given string.
Surround name (SQL identifier such as, e.g., a table name) with double quotes if it contains a space. The resulting name can then be used in SQL statements for names of database objects such as tables or columns.
% ns_dbquotevalue "" NULL
% ns_dbquotevalue 45.3 float 45.3
% ns_dbquotevalue "John's Car" 'John''s Car'
% set company "John's Cheese Factory" % ns_db dml $db "INSERT INTO companies (name) VALUES ([ns_dbquotevalue $company])"
% ns_dbquotevalue "Column Name" 'Column Name'