Oh... wait, I think I was looking at the wrong piece of code. D'oh. Sorry!
-Ashley

On Friday, Oct 13, 2006, at 11:37 US/Pacific, apv wrote:

> The behavior happens on ->search(); on mysql anyway.
>
> On Friday, Oct 13, 2006, at 11:15 US/Pacific, Matt S Trout wrote:
>
>> On 13 Oct 2006, at 13:36, Ash Berlin wrote:
>>
>>> Jules Bean wrote:
>>>> apv wrote:
>>>>
>>>>> I want/need to escape underscores so that simple searches can't be
>>>>> "hacked" by users, accidentally or intentionally. The DBI doc shows
>>>>> this as the way to do it:
>>>>>
>>>>> $esc = $dbh->get_info( 14 ); # SQL_SEARCH_PATTERN_ESCAPE
>>>>> $search_pattern =~ s/([_%])/$esc$1/g;
>>>>>
>>>>> Where/how should I do it in (a Catalyst app that's doing)
>>>>> searches with DBIC? I'm interested in overriding it for *all*
>>>>> user facing searches since users should only be allowed to
>>>>> supply literal chars.
>>>>
>>>> Don't use LIKE?
>>>>
>>>> _% are only special in the context of a LIKE query.
>>>>
>>>> Jules
>>>
>>> c.f 'search' and 'search_like'
>>
>> search_like considered harmful.
>>
>> --
>> Matt S Trout, Technical Director, Shadowcat Systems Ltd.
>> Offering custom development, consultancy and support contracts for
>> Catalyst, DBIx::Class and BAST. Contact mst (at) shadowcatsystems.co.uk
>> for details.
>> + Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +

-Ashley
--
http://sedition.com · http://sedition.com/ddx
http://querylog.com · http://ashleypond.com/v

_______________________________________________
List: http://lists.rawmode.org/cgi-bin/mailman/listinfo/dbix-class
Wiki: http://dbix-class.shadowcatsystems.co.uk/
IRC: irc.perl.org#dbix-class
SVN: http://dev.catalyst.perl.org/repos/bast/trunk/DBIx-Class/
Searchable Archive: http://www.mail-archive.com/[email protected]/
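
The escaping discussed in the quoted thread, as an added example that is not part of the original messages and is not DBIx::Class code: it runs the same user input through LIKE with and without escaping and prints what each pattern matches. It assumes DBD::SQLite is installed; the `account` table, its rows, the fixed backslash escape character and the helper names `escape_like` and `names_like` are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Escape LIKE metacharacters so the input can only match literally.
# The two-line DBI snippet escapes only _ and %; this also escapes the
# escape character itself, so input cannot cancel an escape we add.
sub escape_like {
    my ($input, $esc) = @_;
    (my $out = $input) =~ s/([_%\Q$esc\E])/$esc$1/g;
    return $out;
}

# Constructed sample data in a throwaway in-memory database.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE account (name TEXT)');
$dbh->do('INSERT INTO account (name) VALUES (?)', undef, $_)
    for qw(a_b axb 100% 1000);

# Assumption: backslash as the escape character. Against a real driver
# this is the value the quoted snippet reads with $dbh->get_info(14).
my $esc = '\\';

# The pattern and the escape character are both bound as placeholders;
# the ESCAPE clause states explicitly which character escapes _ and %.
sub names_like {
    my ($pattern) = @_;
    return $dbh->selectcol_arrayref(
        'SELECT name FROM account WHERE name LIKE ? ESCAPE ? ORDER BY name',
        undef, $pattern, $esc);
}

# Substring search for each input, first raw and then escaped.
for my $input ('a_b', '%', '100%') {
    my $raw  = names_like("%$input%");
    my $safe = names_like('%' . escape_like($input, $esc) . '%');
    printf "%-5s raw: [%s]  escaped: [%s]\n",
        $input, join(', ', @$raw), join(', ', @$safe);
}
```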
