[mapserver-users] substitution in a PostGIS layer .. ?
Stephen Woodbridge
woodbri at swoodbridge.com
Wed Jul 13 10:57:48 EDT 2011
On 7/13/2011 9:59 AM, Julien Cigar wrote:
> On 07/13/2011 15:38, Rahkonen Jukka wrote:
>> Julien Cigar wrote:
>>
>>> This may be a stupid question but: is there a reason why
>>> PQescapeStringConn() is not used to do the substitution?
>>
>> Perhaps because Mapserver does not support just PostgreSQL but also
>> Oracle, SQL Server, MySQL, Informix, CouchDB etc. Therefore it is good
>> to have some general purpose validation system. Of cause more
>> sophisticated systems for each datastore would not harm.
>>
>> -Jukka Rahkonen-
>>
>>> Thanks,
>>> Julien
>>
>
> I see .. :)
>
> Thanks!
Julien,
This is a good question and it has been discussed among the dev's. One
thing we discussed was having a generic escape function that would be
implemented by each driver that the code could call to deal with the
various issues of driver support. But alas it is more complicated than
simple variable quoting, because substitution can replace table names,
column names, or parts of expressions like "foobar in(%filter%)"
So we continue to improve on it and restructure code as needed, but as
the above examples suggest it is not a trivial fix and currently the
validation patterns work, but require the user to implement them based
on their needs.
Thanks,
-Steve W
More information about the mapserver-users
mailing list