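Is there a procedure for Progress 4GL / ABL similar to PHP's http://php.net/manual/en/function.mysql-real-escape-string.php, or a best practice followed in the Progress community, for sanitizing text written to external and untrusted entities (websites, MySQL servers and APIs)?
The QUOTE or QUERY-PREPARE functions will not work, because they sanitize text for Progress's dynamic queries rather than for external entities.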
It sounds like rolling your own is the only way. For my purposes, I emulated the mysql_real_escape_string function
/* TODO progress auto changes all ASC(0) characters to space or ASC(20) in a non db string. */
/* the backslash needs to go first */
/* there is no concept of static vars in progress (non class) so global variables */
/* "~\" is a literal backslash on every platform; a bare "\" is itself an escape character on UNIX */
DEFINE VARIABLE cEscape AS CHARACTER NO-UNDO EXTENT INITIAL [
    "~\",
    /*"~000",*/
    "~n",
    "~r",
    "'",
    "~""
].
DEFINE VARIABLE cReplace AS CHARACTER NO-UNDO EXTENT INITIAL [
    "~\~\",
    /*"\0",*/
    "~\n",
    "~\r",
    "~\'",
    '~\"'
].
FUNCTION mysql_real_escape_string RETURNS CHARACTER (INPUT pcString AS CHAR):
    DEF VAR ii AS INTEGER NO-UNDO.
    MESSAGE pcString '->'.
    /* apply each rule in array order, so the backslash rule runs before the others add backslashes */
    DO ii = 1 TO EXTENT(cEscape):
        ASSIGN pcString = REPLACE (pcString, cEscape[ii], cReplace[ii]).
    END.
    MESSAGE pcString.
    RETURN pcString.
END FUNCTION.
The closest analogue to the example you cited is to write a function that does this:
DEFINE VARIABLE ch-escape-chars AS CHARACTER NO-UNDO.
DEFINE VARIABLE ch-string AS CHARACTER NO-UNDO.
DEFINE VARIABLE i-cnt AS INTEGER NO-UNDO.
/* prefix every occurrence of each listed character with a literal tilde */
DO i-cnt = 1 TO LENGTH(ch-escape-chars):
    ch-string = REPLACE(ch-string,
                        SUBSTRING(ch-escape-chars, i-cnt, 1),
                        "~~" + SUBSTRING(ch-escape-chars, i-cnt, 1)).
END.
where
ch-escape-chars are the characters you want escaped.
ch-string is the incoming string.
"~~" is the escaped escape character.
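Both answers run REPLACE once per escape character, so the result depends on rule order (the first answer's "backslash needs to go first" comment). A single-pass version of the same escaping, as an added example that is not from either answer: the name escapeMysqlLiteral is hypothetical, and the Ctrl-Z rule is an assumption taken from what MySQL's own escaping function covers, not from this page.

```abl
/* Added example, not code from either answer. escapeMysqlLiteral is a hypothetical name. */
/* Each input character is examined exactly once, so an escape sequence that was    */
/* just emitted can never be escaped again and the order of the rules is irrelevant. */
/* NUL is not handled, for the reason given in the first answer's TODO comment.      */
FUNCTION escapeMysqlLiteral RETURNS CHARACTER (INPUT pcString AS CHARACTER):
    DEFINE VARIABLE cOut  AS CHARACTER NO-UNDO.
    DEFINE VARIABLE cChar AS CHARACTER NO-UNDO.
    DEFINE VARIABLE ii    AS INTEGER   NO-UNDO.

    /* Pass the unknown value through; the caller decides how to send NULL. */
    IF pcString = ? THEN RETURN ?.

    DO ii = 1 TO LENGTH(pcString):
        cChar = SUBSTRING(pcString, ii, 1).
        CASE ASC(cChar):
            WHEN 92 THEN cOut = cOut + "~\~\".   /* backslash    -> \\ */
            WHEN 39 THEN cOut = cOut + "~\'".    /* single quote -> \' */
            WHEN 34 THEN cOut = cOut + '~\"'.    /* double quote -> \" */
            WHEN 10 THEN cOut = cOut + "~\n".    /* line feed    -> \n */
            WHEN 13 THEN cOut = cOut + "~\r".    /* carriage ret -> \r */
            WHEN 26 THEN cOut = cOut + "~\Z".    /* Ctrl-Z       -> \Z (assumption, see lead-in) */
            OTHERWISE    cOut = cOut + cChar.
        END CASE.
    END.
    RETURN cOut.
END FUNCTION.

/* Constructed sample input: a quote, a backslash and a line feed in one value. */
DEFINE VARIABLE cSample AS CHARACTER NO-UNDO.
cSample = "O'Brien ~\ path" + CHR(10) + "next".
MESSAGE escapeMysqlLiteral(cSample) VIEW-AS ALERT-BOX.
```

The output is only suitable inside a quoted MySQL string literal. The websites and APIs mentioned in the question need encoders for their own contexts.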