On Sep 22, 5:14 pm, The Editor <[email protected]> wrote:
> What version are you using? If you recall I reworked the comm2func
> function in a recent release to handle this better, but don't see it
> documented, so perhaps it was more recent. (I'm thinking it was 3.14).
> Anyway check to see if you have this line in your comm2func function:
>
> foreach($args as $f => $v) $value .= "$f='" .
> str_replace(Array("'",
> '"'), Array(''', '"'), $v) . "' ";
I couldn't see this, so I upgraded to 3.15 from 3.14
Didn't help, and I still can't find the "str_replace" part.
Are you sure you included it in the release?
>
> You'll see it has the things escaped. But that may not be what we want
> here. I have the following output from your parameter string in my
> test function:
>
> Array
> (
> [1] => UPDATE
> [2] => kmsortiment_st
> [3] => SET
> [name] => '(?name)'
> [4] => ,
> [category] => '(?cat)'
> [5] => ,
> [typ] => '(?typ)'
> [6] => ,
> [base_price] => {=bp}
> [7] => ,
> [km_price] => {=kp}
> [8] => ,
> [box_size] => {=bs}
> [9] => ,
> [unit] => '(?u)'
> [10] => ,
> [group_unit] => '(?gu)'
> [11] => WHERE
> [id] => id=
> [query] => UPDATE kmsortiment_st SET name='(?name)' ,
> category='(?cat)' , typ='(?typ)' , base_price={=bp} ,
> km_price={=kp} , box_size={=bs} , unit='(?u)' ,
> group_unit='(?gu)' WHERE id=
> [test] => UPDATE kmsortiment_st SET name='(?name)' ,
> category='(?cat)' , typ='(?typ)' ,
> base_price={=bp} , km_price={=kp} , box_size={=bs} ,
> unit='(?u)' , group_unit='(?gu)' WHERE id=
> [submit] => SUBMIT
> [boltkey] => test-args-2218
> [nextpage] => test.args
> )
>
that... should work. But I can't test it since the code you use
doesn't seem to exist. Shall I wait patiently?
> Here's my form I'm using, with a custom test func to output the array:
>
> [form]
> [text query "UPDATE kmsortiment_st SET name='(?name)' ,
> category='(?cat)' , typ='(?typ)' , base_price={=bp} , km_price={=kp} ,
> box_size={{=bs} , unit='(?u)' , group_unit='(?gu)' WHERE
> id={?itemid}"]
> [session test "{=query}"]
> [submit]
> [form]
>
> You might do better to rewrite the form like this (similar to my
> suggestion earlier:
>
> [form]
> [hidden name='(?name)']
> [hidden category '(?cat)']
> [hidden typ '(?typ)']
> etc
> [session query insert]
> [submit]
> [form]
>
> And then use the function to assemble the query. Once again you are
> trying to generate a parameter string within a parameter string, and I
> think you are likely to have more problems like this. I'll be happy to
> work around this if I can, but I think we're dealing with a kind of
> regression that it will be very hard to get BoltWire smart enough to
> solve. Let's see what we can do...
>
> Cheers,
> Dan
>
> P.S. Just another thought. My idea was to have a simple msql plugin
> that used one function to simply retrieve database values and a simple
> command to insert database values. Maybe that would be a good starter
> goal. Sounds like you are doing some more complicated things. :)
Yeah... I have full mysql functionality, essentially the mysql command
line accessible via boltwire. I don't want to dumb that down when the
function-version works perfectly fine.
In fact, I currently have an easier time formatting output with mysql
than with templates. Especially given mysqls inbuilt math functions.
Once we get this string-escape fixed I'll show you how simple and
powerful my solution is to use. I'm sure you'll see it my way.
(In fact, allthough this would be better solved by access to php
variables, my mysql solution actually gives me free mutable-variables
via temporary tables. A hack, technically, but fun.)
> On Tue, Sep 22, 2009 at 8:26 AM, DrunkenMonk <[email protected]> wrote:
>
> > I am trying to use the comm2func command to access my mysql plugin.
>
> > I have a hidden query:
> > [hidden query "UPDATE kmsortiment_st SET name='(?name)' , category='(?
> > cat)' , typ='(?typ)' , base_price={=bp} , km_price={=kp} , box_size=
> > {=bs} , unit='(?u)' , group_unit='(?gu)' WHERE id={?itemid}"]
>
> > where [session msg "{=query}"] returns:
>
> > UPDATE kmsortiment_st SET name='(?name)' , category='(?cat)' , typ='(?
> > typ)' , base_price=30 , km_price=35 , box_size=20 , unit='(?u)' ,
> > group_unit='(?gu)' WHERE id=1
>
> > Which is correct.
>
> > I then try to access $args['query'] in my function. I get:
>
> > UPDATE kmsortiment_st SET name=
>
> > Which is not correct.
>
> > It seems to me that single qoutes within double quotes are not escaped
> > correctly somewhere. I can't find where.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"BoltWire" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/boltwire?hl=en
-~----------~----~----~----~------~----~------~--~---
