> > This is a standard SQL-feature, that should work in any SQL-compliant
> > database (at least I know it works in MSSQL and DB2 also). But I guess
> > that the problem is that Johann lets the user enter SQL directly,
> > losing control of what's submitted to the DB. (which seems like a huge
> > security risk, but I guess that this is addressed elsewhere in the
> > application...)
> >
> > Johann - if you are brave ;) - you could use XSLT to parse the
> > submitted SQL, and then extend the SELECT-clause with aliases?
> :) indeed he would need to be pretty darn brave to parse a SQL statement
> using XSLT.
>
> Less braveness though required with antlr, I'm sure there are few SQL92
> grammars around that suit his needs.
>
> Alternatively there are various open source Java relational databases
> around, they must have already done the hard work.
>
> Jorg
Not necessarily, since you don't have to parse the entire SQL-grammar (that
would have been stupid in XSLT, not brave... ;)
This is a simplified, untested template-match that could do the trick:
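<!-- The str prefix must be bound to the EXSLT strings namespace
     (http://exslt.org/strings) and the sql prefix to the namespace of
     the sql:query element. -->
<xsl:template match="sql:query">
  <xsl:copy>
    <xsl:copy-of select="@*"/>
    <!-- Uppercased copy, used only to locate the keywords. The original
         text is what gets copied, so identifiers and string literals
         keep their case. -->
    <xsl:variable name="raw" select="string(.)"/>
    <xsl:variable name="upper"
        select="translate($raw, 'abcdefghijklmnopqrstuvwxyz',
                                'ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
    <!-- Position of the first character after SELECT, and of the F in FROM -->
    <xsl:variable name="colStart"
        select="string-length(substring-before($upper, 'SELECT')) + 7"/>
    <xsl:variable name="fromStart"
        select="string-length(substring-before($upper, 'FROM')) + 1"/>
    <xsl:text>SELECT</xsl:text>
    <!-- Go through every select column -->
    <xsl:for-each
        select="str:tokenize(substring($raw, $colStart,
                                       $fromStart - $colStart), ',')">
      <xsl:value-of select="."/>
      <!-- Check if it contains illegal characters for XML-names.
           The second argument is a placeholder for the actual character
           list; translate() needs the empty third argument to delete them. -->
      <xsl:if test="string-length(translate(normalize-space(.),
                        'all characters not allowed in XML NCNAME', ''))
                    != string-length(normalize-space(.))">
        <!-- If so, set the column name to x1, x2, etc. -->
        <xsl:text> AS x</xsl:text>
        <xsl:value-of select="position()"/>
      </xsl:if>
      <xsl:if test="position() != last()">,</xsl:if>
    </xsl:for-each>
    <!-- Output the rest of the SQL -->
    <xsl:text> FROM</xsl:text>
    <xsl:value-of select="substring($raw, $fromStart + 4)"/>
  </xsl:copy>
</xsl:template>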
Askild
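
The same aliasing idea in Python, as an added example that is not part of Askild's message, generalised to cope with commas inside function calls or string literals, a FROM inside parentheses, and columns that are `*` or already aliased. The function names, the ASCII-only identifier pattern and the assumption that existing aliases use an explicit AS are choices made for this sketch; it only rewrites column labels and does not validate user-entered SQL.

```python
import re

# A plain or table-qualified identifier (or *) already yields a usable
# element name. ASCII-only by assumption.
PLAIN = re.compile(r"(?:[A-Za-z_]\w*\.)?(?:[A-Za-z_]\w*|\*)\Z", re.ASCII)
# Assumption: existing aliases are written with an explicit AS.
ALIASED = re.compile(r"\sAS\s+[A-Za-z_]\w*\Z", re.IGNORECASE | re.ASCII)


def mask(sql):
    """Same-length copy of sql with quoted and parenthesised text set to '#'."""
    out, depth, quote = [], 0, None
    for ch in sql:
        if quote:
            quote = None if ch == quote else quote
            out.append("#")
        elif ch in "'\"":
            quote = ch
            out.append("#")
        else:
            depth += (ch == "(") - (ch == ")")
            out.append(ch if depth == 0 and ch != ")" else "#")
    return "".join(out)


def alias_columns(sql):
    """Append ' AS xN' to select-list entries that would not give an XML name."""
    head = re.match(r"\s*SELECT\b", sql, re.IGNORECASE)
    masked = mask(sql)
    # Search the masked text so FROM in a literal or subquery is ignored.
    tail = head and re.search(r"\bFROM\b", masked[head.end():], re.IGNORECASE)
    if not tail:
        raise ValueError("expected SELECT ... FROM ...")
    lo, hi = head.end(), head.end() + tail.start()
    # Split only on commas that are visible at the top level.
    cuts = [lo - 1] + [i for i in range(lo, hi) if masked[i] == ","] + [hi]
    cols = [sql[a + 1:b].strip() for a, b in zip(cuts, cuts[1:])]
    out = []
    for n, col in enumerate(cols, 1):
        if not (PLAIN.match(col) or ALIASED.search(col)):
            col += f" AS x{n}"
        out.append(col)
    return "SELECT " + ", ".join(out) + " " + sql[hi:]
```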