When we substitute text for a ${var} in a database query, we have to provide special handling for escape characters. For a simple example, say you have select="select * from employees where name like '${var}' " and var is "O'Malley". If we did not escape the ' in O'Malley, the select would end up as "select * from employees where name like 'O'Malley' ", which is a malformed select.
A related problem arises with text such as "select FIRST_NAME from EMPLOYEES", because _ is a special character in SQL Server. To handle this situation, if the name of your var starts with an underscore, such as ${_var}, no escape substitution is performed.
The escape characters handled are:

| DB2 | Escaped as |
|---|---|
| ' | '' |
| " | "" |
| _ | \_ |
| ? | \? |
| % | \% |
| \ | \\ |

| MySQL | Escaped as |
|---|---|
| ' | \' |
| " | \" |
| _ | \_ |
| % | \% |
| \ | \\ |

| SQL Server | Escaped as |
|---|---|
| ' | '' |
| [ | [[] |
| % | [%] |
| _ | [_] |

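The substitution rules above, written out as an added example; this is not the product's own code. The names `ESCAPES`, `escape_value` and `substitute` are hypothetical, and treating an undefined variable as an error is an assumption the page does not state.

```python
import re

# Escape tables transcribed from the page: special character -> replacement.
ESCAPES = {
    "DB2": {"'": "''", '"': '""', "_": "\\_", "?": "\\?", "%": "\\%", "\\": "\\\\"},
    "MySQL": {"'": "\\'", '"': '\\"', "_": "\\_", "%": "\\%", "\\": "\\\\"},
    "SQL Server": {"'": "''", "[": "[[]", "%": "[%]", "_": "[_]"},
}

PLACEHOLDER = re.compile(r"\$\{(\w+)\}")  # matches ${var} and ${_var}


def escape_value(value, db):
    """Escape one value in a single pass over its characters.

    A single pass matters: chained str.replace() calls would re-escape the
    backslashes that an earlier replacement had just inserted.
    """
    table = ESCAPES[db]
    return "".join(table.get(ch, ch) for ch in value)


def substitute(template, variables, db):
    """Fill ${name} placeholders; names starting with '_' are inserted raw."""
    def fill(match):
        name = match.group(1)
        value = variables[name]  # assumption: an undefined variable is an error
        if name.startswith("_"):
            return value  # no escape substitution, as the page describes
        return escape_value(value, db)
    return PLACEHOLDER.sub(fill, template)


if __name__ == "__main__":
    # Constructed sample input based on the page's O'Malley example.
    query = "select * from employees where name like '${var}'"
    for db in ESCAPES:
        print(db, "->", substitute(query, {"var": "O'Malley"}, db))
    print(substitute("select ${_col} from EMPLOYEES", {"_col": "FIRST_NAME"}, "SQL Server"))
```

Because a ${_var} value reaches the query with no escaping at all, it should only ever carry fixed, trusted text, never user-supplied input.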