"Jim Weirich" <jim / weirichhouse.org> schrieb im Newsbeitrag
news:28107.192.223.163.6.1081789190.squirrel / weirichhouse.org...
>
> Ruby Tuesday said:
> > Hi, I was wondering if there are such a function in Ruby for escaping
a
> > character, e.g:
> >
> > I'd like to add record to mysql db but it has quote('),
double-quote("),
> > and
> > other escape-able characters.
> >
> > How do I escape those characters just before pumping it to the
database?
> >
> > Now the strings is clobbered with escape characters, how do I strip it
for
> > searching? Thanks
>
> Are you using DBI?  If so, then form your SQL queries with "?"
> placeholders and pass the actual values when the queries are executed.
> DBI will handle all the proper quoting and escaping for you.
>
> For example.
>
>   db = DBI.connect("DBI:yada:yada", user, pw)
>   db.do("UPDATE this_table SET a_column = ? WHERE yada = yada",
>         %{This is is automatically 'quoted' and "escaped" by DBI})
>
> There may be similiar functionality built into the direct DB bindings.
If
> so, this is generally a better choice than self escaping.

If you don't want to use that there's always String#gsub to accomplish
such substitutions - in either direction, e.g.

str.gsub(/(['"])/, '^\\1' )
str.gsub(/^(.)/, '\\1' )

with "^" beeing the escape char in this example.

    robert