Reputation: 4077
Using PostgreSQL's SQL, it is known from other documents that several special keywords should be filtered to prevent SQL injection attacks, such as ', ;, &, <, >.
quote(Value) when is_integer(Value) ->
    Value;
quote(Value) ->
    %% seperate_by(["'",Value,"'"],"").
    %% lists:dropwhile/2 drops elements from the head of the list while the
    %% fun returns true and stops at the first element for which it is false
    Value_a = lists:dropwhile(fun($') -> true;
                                 ($;) -> true;
                                 ($<) -> true;
                                 ($>) -> true;
                                 ($&) -> true;
                                 (_)  -> false
                              end, Value),
    %% seperate_by/2 is the asker's own join helper (definition not shown)
    seperate_by(["'", Value_a, "'"], "").
([email protected])62> john_worker:quote("<>&asdf'").
"'asdf''"
([email protected])63> john_worker:quote("'asdf").
"'asdf''"
([email protected])64> john_worker:quote("'asdf").
"'asdf'"
([email protected])65> john_worker:quote("'asdf").
"'asdf'"
([email protected])66> john_worker:quote("a'sdf").
"'a'sdf'"
([email protected])67> john_worker:quote("a>sdf").
"'a>sdf'"
The lists:filter works well for words prefixed by these special characters, but does not work in the other cases. Why?
Upvotes: 0
Views: 59
Reputation: 14042
I am not sure what result you are expecting; if you simply want to skip those special characters, you can use a list comprehension:
quote(Value) ->
    %% keep every character of Value that is not one of the five listed
    "'" ++ [X || X <- Value, X =/= $', X =/= $;, X =/= $<, X =/= $>, X =/= $&] ++ "'".
Upvotes: 2
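As an added illustration (an editor's example, not code from the question or from the answer): the module below puts the two behaviours side by side, what lists:dropwhile/2 does to the question's input versus what the answer's list comprehension does, and then shows two ways of keeping the data intact instead of deleting characters: escaping a string literal by doubling single quotes, and passing the value as a bind parameter. The module name sql_quote_demo, all function names and the sample inputs are assumptions of this example; the comment mentioning epgsql:equery refers to that driver's existing parameterised-query call, but the code does not call any driver.

```erlang
%% Added example (not from the question or the answer); module and
%% function names are the editor's own.
-module(sql_quote_demo).
-export([strip_prefix/1, strip_all/1, quote_literal/1, lookup_query/1, demo/0]).

%% The five characters the question wants removed.
-define(BLACKLIST, "';<>&").

%% What the question's code does: lists:dropwhile/2 removes elements only
%% while the predicate holds from the head of the list, so a blacklisted
%% character in the middle or at the end survives.
strip_prefix(Value) ->
    lists:dropwhile(fun(C) -> lists:member(C, ?BLACKLIST) end, Value).

%% What the answer's list comprehension does: every blacklisted character
%% is dropped, wherever it occurs (lists:filter/2 behaves the same way).
strip_all(Value) ->
    [C || C <- Value, not lists:member(C, ?BLACKLIST)].

%% Escaping instead of deleting: build a valid PostgreSQL string literal
%% by doubling each embedded single quote (standard SQL). The data keeps
%% its content, and no character in it can terminate the literal.
%% Backslashes need no treatment when standard_conforming_strings is on
%% (the PostgreSQL default since 9.1).
quote_literal(Value) when is_integer(Value) ->
    integer_to_list(Value);
quote_literal(Value) when is_list(Value) ->
    [$' | escape(Value)] ++ "'".

escape([]) -> [];
escape([$' | Rest]) -> [$', $' | escape(Rest)];
escape([C | Rest]) -> [C | escape(Rest)].

%% Preferred: keep the data out of the SQL text entirely and hand it to
%% the driver as a bind parameter. The tuple is the shape a parameterised
%% call such as epgsql:equery(Conn, Sql, Params) expects; no driver is
%% called here so the module runs stand-alone.
lookup_query(Name) ->
    {"SELECT id FROM users WHERE name = $1", [Name]}.

%% Constructed inputs, including the question's own first test string.
demo() ->
    Input = "<>&asdf'",
    [{dropwhile, strip_prefix(Input)},
     {filter,    strip_all(Input)},
     {quoted,    quote_literal("a'sdf")},
     {query,     lookup_query("a'sdf")}].
```

Compile with erlc and call sql_quote_demo:demo() from the shell. For the question's input "<>&asdf'", strip_prefix/1 stops at the first ordinary character and leaves "asdf'" (which, once wrapped in quotes, is exactly the "'asdf''" seen in the question's transcript), while strip_all/1 leaves "asdf". Neither stripping function is a safe general defence: removing characters silently changes user data, and a blacklist of five characters does not cover every way a value can alter a query. quote_literal/1 preserves the value, and lookup_query/1 avoids building SQL from data at all, which is the approach to prefer whenever the driver supports it.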