Encoding
All variables in RXML 2 are accessed through entities, e.g.
&var.foo;.
By default, an entity will be HTML encoded, that is, < will be
inserted as &lt;, > as &gt; and & as
&amp;. However, there are instances when that is not what you
want, for example, when inserting entities into SQL queries.
Therefore, the encoding can be controlled by applying another
encoding scheme on the entity, &scope.entity:scheme;.
<sqlquery query="SELECT * FROM db WHERE name='&form.name:mysql;'">
Available Encoding Schemes
- none
No quoting. This is dangerous and should never be used unless you have
total control over the contents of the variable.
- html
The default quoting, for inserting into regular HTML or RXML. Encoded
characters are &, <, >, ", '
and the null character.
- url
For inserting variables into URLs. Encoded characters are the null character,
space, tab, the newline character, the carriage return character, %,
', ", #, &, ?, =, / and :.
- http
Uses a subset of the URL encoding scheme. The characters & and ?
are not encoded, as that would make inserting e.g. variables into
http-strings impossible. Encoded characters are the null character,
space, tab, the newline character, the carriage return character,
%, ' and ".
- cookie
Uses a subset of the URL encoding scheme. Only the characters =,
,, ; and % are encoded.
- pike
For inserting into Pike strings, for use with the <pike> tag.
Encoded characters are ", \ and the newline character.
- js
For inserting into JavaScript strings. Encoded characters are the backspace character,
the formfeed character, the newline character, the carriage return character,
tab, \, ' and ".
- mysql
For inserting into MySQL SQL queries. Encoded characters are ", '
and \.
- mysql-pike
For inserting into MySQL SQL queries in pike strings. Encoded characters
are ", ', \ and the newline character.
- oracle
For inserting into SQL queries. Encoded character is '.
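
A template check for the rule above, that entities placed in an SQL query need an SQL encoding scheme rather than the default. This is an added example, not part of the original manual or of Roxen: it scans RXML text for entities inside a <sqlquery> query attribute and reports those that use the default html scheme, none, or any other non-SQL scheme. The function name, the regular expressions (a double-quoted query attribute is assumed) and the sample template are constructed for illustration.

```python
import re

# Schemes the page lists for SQL contexts. Anything else found inside a
# query, including the default (html) and "none", is reported.
SQL_SCHEMES = {"mysql", "mysql-pike", "oracle"}

# <sqlquery ... query="..."> as in the page's example (assumes double quotes).
SQLQUERY_RE = re.compile(r'<sqlquery\b[^>]*?\bquery="([^"]*)"', re.I)
# &scope.entity; or &scope.entity:scheme;
ENTITY_RE = re.compile(r'&([A-Za-z_][\w-]*)\.([\w.-]+?)(?::([\w-]+))?;')

def lint_rxml(text):
    """Return (line, entity, scheme, problem) for every entity inside a
    <sqlquery> query attribute that is not encoded with an SQL scheme."""
    findings = []
    for tag in SQLQUERY_RE.finditer(text):
        for ent in ENTITY_RE.finditer(tag.group(1)):
            scope, name, scheme = ent.groups()
            scheme = scheme or "html"  # page: entities are HTML encoded by default
            if scheme in SQL_SCHEMES:
                continue
            # 1-based line number of the entity within the whole template
            line = text.count("\n", 0, tag.start(1) + ent.start()) + 1
            problem = ("no quoting at all" if scheme == "none"
                       else f"'{scheme}' encoding is not an SQL scheme")
            findings.append((line, f"{scope}.{name}", scheme, problem))
    return findings

# Constructed sample template: line 1 is the page's own example, lines 2-3
# are the mistakes to catch, line 4 is ordinary HTML output (default is right).
SAMPLE = """<sqlquery query="SELECT * FROM db WHERE name='&form.name:mysql;'">
<sqlquery query="SELECT * FROM db WHERE name='&form.name;'">
<sqlquery query="SELECT * FROM db WHERE id=&form.id:none;">
<p>Hello &form.name;</p>
"""

if __name__ == "__main__":
    for line, entity, scheme, problem in lint_rxml(SAMPLE):
        print(f"line {line}: &{entity}; in <sqlquery>: {problem}")
```

The check looks only at the scheme name. It does not verify that the entity sits inside a quoted SQL string literal, which the quote and backslash escaping of the listed SQL schemes presupposes.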