escaping single quotes

Tue May 3 16:54:36 EDT 2005

> -----Original Message-----
> From: Sean Gillies [mailto:sgillies at frii.com]
>
>
>
> On May 3, 2005, at 10:45 AM, Ryan, Adam wrote:
>
> >> -----Original Message-----
> >> From: Paul Scott [mailto:pscott at UWC.AC.ZA]
> >> Sent: Monday, May 02, 2005 4:50 AM
> >> To: MAPSERVER-USERS at LISTS.UMN.EDU
> >> Subject: Re: [UMN_MAPSERVER-USERS] escaping single quotes
> >>
> >>
> >> Two other things you could try:
> >>
> >> use htmlspecialchars();
> >>
> >> or str_replace the "'" with &apos;
> >>
> >> That will make it look like &apos; . $gemnaam;
> >>
> >> which will echo to 'genmaan
> >>
> >> --Paul
> >>
> >>>>> Ace Suares <ace at SUARES.NL> 05/02/05 1:30 PM >>>
> >> On Monday 02 May 2005 5:08, Paul Scott wrote:
> >>> One word:
> >>>
> >>> addslashes();
> >>>
> >>> PHP does it for you with the function addslashes(); '[GEMNAAM]'=
> >>> addslashes('$gemnaam');
> >>
> >> Tried that, didn't work. A \' is not recognized by
> mapserver. Correct
> >> me if I am wrong.
> >>
> >> I got the tip from some else (off-list) to us two single
> quotes in a
> >> row, like '[GEMNAAM]'=''s-Gravenhage' Haven't tested it yet.
> >>
> >> I would prefer that mapserver/mapscript would honour addslashes().
> >>
> >> _Ace
> >>
> >>
> >>>
> >>>
> >>> --Paul
> >>>
> >>>>>> Ace Suares <ace at SUARES.NL> 05/02/05 4:53 AM >>>
> >>>
> >>> dear list,
> >>>
> >>> I have the following situation:
> >>>
> >>> 1. a column in my shapefile (.dbf) that is called GEMNAAM 2. 482
> >>> gemeentes (counties), 3 of them starting with an ' (an
> >> apostroph
> >>> or
> >>> single quote).
> >>> 3. a filter that looks like '[GEMNAAM]'='$gemnaam'
> >>> where $gemnaam iterates over (some of) the 482 gemeentes
> >>>
> >>> The problem seems to be that the single quote in the
> >> $gemnaam is not
> >>> being escaped, and I have no idea how to escape it.
> >>>
> >>> Is there an escape mechanism for single quotes ?
> >>>
> >>> I tried double quotes i.e. '[GEMNAAM]'="$gemnaam" but
> >> apparently to no
> >>> avail.
> >>>
> >>> Much obliged for any hint. (However, that won't bring back
> >> the past 4
> >>> hours of my life).
> >>>
> >>> _ace
> >>
> >> --
> >> It's not possible to treat coherently that which is incoherent.
> >>         - Date's Incoherence Principle
> >>
> >> Ace Suares' Internet Consultancy
> >> mail: PObox 2599, 4800 CN Breda, The Netherlands
> >> phone: +31 6 244 33 608 (Jan Veuger, support Netherlands)
> >> emergency: +599 786 23 73
> >> voicemail & fax: +31 848 707 705
> >> web: http://www.suares.nl email: support at suares.nl
> >>
> >
> > Ace,
> >
> > Have you solved this problem?  We might have similar but different
> > problems
> > because I'm using Python mapscript but I found that a field
> that has
> > any
> > apostrophe in any record in rendered unsearchable no matter
> what I do.
> >
> > Adam
> >
> >
>
> Adam, I have a new idea: when you have apostrophes in your records,
> write your expression using double quotes only, like so
>
>     qstring = '("[FNAME]" =~ "Foo")'
>
> I guessing that MapServer can't properly evaluate expressions
> in which
> a single quote appears on the left side as a string-casting operator,
> and on the right side as a literal value.
>
> Sean
>
>
> --
> Sean Gillies
> sgillies at frii dot com
> http://zcologia.com
>

Yes, that does work if there is data with ' but without ".  If there are any
", this blows up, in which case you would use all ' in your expression.  If
there are both ' and " then there is no solution but to edit your data,
which stinks, and it must be known ahead of time (or tested for) to check if
your data contains either of the offending characters.  Plus, searching for
text with either is no go; you can't search for O'Conner with the above work
around.

This is frustrating.  I tend to find some work arounds less palatable than
others, but then the software is free and thus gripping is, for the most
part, kept to oneselve (unless it helps).

On a completely different topic, thanks for pointing me towards twisted some
time ago.  I just looked at it again this weekend and put togther a little
server that spits out map images at 80% of the speed it takes
mapserv.exe/mode=map.  Granted there is no functionality BUT drawing and
returning, but that small performance hit I took switching to Python
mapscript from mapserv.exe could be eliminated, and then some.

Thanks again.

Adam