The sqlvar
tag safely inserts variables into SQL code. This tag is
used in SQL Methods.
sqlvar
tag syntax:
<dtml-sqlvar Variable|expr="VariableExpression">
The sqlvar
tag is a singleton. Like the var
tag, the sqlvar
tag looks up a variable and inserts it. Unlike the var tag, the
formatting options are tailored for SQL code.
string
, int
, float
and nb
. nb
means non-blank string and
should be used in place of string
unless you want to use blank
strings. The type attribute is required and is used to properly
escape inserted variable.Basic usage:
select * from employees where name=<dtml-sqlvar name type="nb">
This SQL quotes the name
string variable.