autodoc.git / traditional.xml

version» Context lines:

autodoc.git/traditional.xml:41851:    result (eg <tt>INSERT</tt> or similar).</p>   </text></group></mixed>   </text></group><group><throws/><text><p>Throws an exception if the query fails.</p>   </text></group><group><seealso/><text><p><ref resolved='predef::Sql.Sql.typed_query'>typed_query</ref>, <ref resolved='predef::Sql.Sql.big_query'>big_query</ref>, <ref resolved='predef::Sql.Sql.streaming_query'>streaming_query</ref></p>   </text></group></doc>   <method name='query'>   <arguments><argument name='q'><type><or><object resolved='predef::Sql.Sql.query'/><string/></or></type></argument><argument name='extraargs'><type><varargs><mixed/></varargs></type></argument></arguments>   <returntype><array><valuetype><mapping><indextype><string/></indextype><valuetype><string/></valuetype></mapping></valuetype></array></returntype>   </method>   </docgroup> + <docgroup homogen-name='query_db' homogen-type='method'><doc><text><p>Get the currently selected db if possible.</p> + </text></doc> + <method name='query_db'> + <arguments/> + <returntype><string/></returntype> + </method> + </docgroup>   <docgroup homogen-name='quote' homogen-type='method'><doc><text><p>Quote a string <ref resolved='predef::Sql.Sql.quote.s'>s</ref> so that it can safely be put in a query.</p>   <p> All input that is used in SQL-querys should be quoted to prevent    SQL injections.</p>   <p> Consider this harmfull code:</p>   <code><text><p>string my_input = "rob' OR name!='rob";    string my_query = "DELETE FROM tblUsers WHERE name='"+my_input+"'";    my_db-&gt;query(my_query);</p>   </text></code><p>This type of problems can be avoided by quoting <tt>my_input</tt>.    <tt>my_input</tt> would then probably read something like    <i>rob\' OR name!=\'rob</i> </p>