If the view does not exist, this function will return true. Note that views are not supported with all datasources.
+\membersection{wxDb::EscapeSqlChars}\label{wxdbescapesqlchars}
+
+\func{wxString}{EscapeSqlChars}{\param{const wxString\& }{value}}
+
+This function is used internally by wxWidgets while building SQL statements.
+It has been provided to help users who wish to explicity construct SQL
+statements to be sent to the server. The function takes the value passed and
+returns it with any special characters escaped. Which characters are
+considered special depends on what type of datasource the object is connected
+to. For example, most database servers use a backslash as the escape
+character; if the value passed contains a backlash it will be replaced with a
+double backslash before it is passed to the server. This function can be used
+to avoid passing statements with syntax errors to the server as well as prevent
+SQL injection attacks.
+
+\wxheading{Parameters}
+
+\docparam{value}{The value to be escaped.}
+
\membersection{wxDb::ExecSql}\label{wxdbexecsql}
\func{bool}{ExecSql}{\param{const wxString \&}{pSqlStmt}}
bool FwdOnlyCursors(void) {return fwdOnlyCursors;}
+ // return the string with all special SQL characters escaped
+ wxString EscapeSqlChars(const wxString& value);
+
// These two functions are provided strictly for use by wxDbTable.
// DO NOT USE THESE FUNCTIONS, OR MEMORY LEAKS MAY OCCUR
void incrementTableCount() { nTables++; return; }
} // wxDb::ModifyColumn()
+/********** wxDb::EscapeSqlChars() **********/
+wxString wxDb::EscapeSqlChars(const wxString& valueOrig)
+{
+ wxString value(valueOrig);
+ switch (Dbms())
+ {
+ case dbmsACCESS:
+ // Access doesn't seem to care about backslashes, so only escape single quotes.
+ value.Replace(wxT("'"), wxT("''"));
+ break;
+
+ default:
+ // All the others are supposed to be the same for now, add special
+ // handling for them if necessary
+ value.Replace(wxT("\\"), wxT("\\\\"));
+ value.Replace(wxT("'"), wxT("\\'"));
+ break;
+ }
+
+ return value;
+} // wxDb::EscapeSqlChars()
+
/********** wxDbGetConnection() **********/
wxDb WXDLLIMPEXP_ODBC *wxDbGetConnection(wxDbConnectInf *pDbConfig, bool FwdOnlyCursors)
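Review bot: The `default:` branch of `wxDb::EscapeSqlChars` escapes a single quote as `\'`, which only works on servers that treat backslash as an escape character inside string literals. On datasources that follow standard SQL quoting the backslash is a literal and the quote still ends the literal, so the value is not contained and the function does not deliver the injection protection its documentation promises. Doubling the quote (`''`) is the portable form and is already what the `dbmsACCESS` branch does, so I would make it the default and keep backslash doubling only for the DBMS types known to need it, as sketched below. Which types belong in that list (I have assumed `dbmsMY_SQL` and `dbmsPOSTGRES`) depends on server configuration and should be confirmed. Where the driver supports it, binding values with `SQLBindParameter` removes the dependence on per-server escaping altogether.

```cpp
    switch (Dbms())
    {
        case dbmsMY_SQL:
        case dbmsPOSTGRES:
            // Backslash may act as an escape character in string literals on
            // these servers (configuration dependent), so neutralise it first.
            value.Replace(wxT("\\"), wxT("\\\\"));
            value.Replace(wxT("'"), wxT("''"));
            break;

        default:
            // Standard SQL: a quote inside a literal is written as two quotes;
            // backslash has no special meaning and is left untouched.
            value.Replace(wxT("'"), wxT("''"));
            break;
    }
```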
case SQL_C_WCHAR:
#endif
//case SQL_C_WXCHAR: SQL_C_WXCHAR is covered by either SQL_C_CHAR or SQL_C_WCHAR
- colValue.Printf(wxT("'%s'"), (UCHAR FAR *) colDefs[colNumber].PtrDataObj);
+ colValue.Printf(wxT("'%s'"), GetDb()->EscapeSqlChars((UCHAR FAR *)colDefs[colNumber].PtrDataObj).c_str());
break;
case SQL_C_SHORT:
case SQL_C_SSHORT:
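Review bot: The argument is still cast to `(UCHAR FAR *)`, but it now feeds a `const wxString&` parameter instead of a `%s` in `Printf`, so the buffer goes through an implicit `wxString` conversion from a byte pointer. This line sits under the `SQL_C_WCHAR` label (and presumably `SQL_C_CHAR` just above the hunk). In a Unicode build, where the column buffer holds wide characters, that conversion would likely either fail to compile or read the data as narrow bytes, so a truncated or garbled value gets escaped. Casting to the build's character type, `GetDb()->EscapeSqlChars((wxChar *)colDefs[colNumber].PtrDataObj).c_str()`, keeps the old interpretation of the buffer. The enclosing function starts and ends outside the hunk, so I could not check how other column types or caller-supplied WHERE text are quoted.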