SQL: SQL quoting
In DBI: R Database Interface
SQL R Documentation
SQL quoting
Description
This set of classes and generics make it possible to flexibly deal with SQL
escaping needs. By default, any user supplied input to a query should be
escaped using either dbQuoteIdentifier() or dbQuoteString()
depending on whether it refers to a table or variable name, or is a literal
string.
These functions may return an object of the SQL class,
which tells DBI functions that a character string does not need to be escaped
anymore, to prevent double escaping.
The SQL class has associated the SQL() constructor function.
Usage
SQL(x, ..., names = NULL)
Arguments
x
A character vector to label as being escaped SQL.
...
Other arguments passed on to methods. Not otherwise used.
names
Names for the returned object, must have the same length as x.
Value
An object of class SQL.
Implementation notes
DBI provides default generics for SQL-92 compatible quoting. If the database
uses a different convention, you will need to provide your own methods.
Note that because of the way that S4 dispatch finds methods and because
SQL inherits from character, if you implement (e.g.) a method for
dbQuoteString(MyConnection, character), you will also need to
implement dbQuoteString(MyConnection, SQL) - this should simply
return x unchanged.
Examples
dbQuoteIdentifier(ANSI(), "SELECT")
dbQuoteString(ANSI(), "SELECT")
# SQL vectors are always passed through as is
var_name <- SQL("SELECT")
var_name
dbQuoteIdentifier(ANSI(), var_name)
dbQuoteString(ANSI(), var_name)
# This mechanism is used to prevent double escaping
dbQuoteString(ANSI(), dbQuoteString(ANSI(), "SELECT"))
DBI documentation built on June 22, 2024, 9:41 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
| SQL | R Documentation |
SQL quoting
Description
This set of classes and generics make it possible to flexibly deal with SQL
escaping needs. By default, any user supplied input to a query should be
escaped using either dbQuoteIdentifier() or dbQuoteString()
depending on whether it refers to a table or variable name, or is a literal
string.
These functions may return an object of the SQL class,
which tells DBI functions that a character string does not need to be escaped
anymore, to prevent double escaping.
The SQL class has associated the SQL() constructor function.
Usage
SQL(x, ..., names = NULL)
Arguments
x |
A character vector to label as being escaped SQL. |
... |
Other arguments passed on to methods. Not otherwise used. |
names |
Names for the returned object, must have the same length as |
Value
An object of class SQL.
Implementation notes
DBI provides default generics for SQL-92 compatible quoting. If the database
uses a different convention, you will need to provide your own methods.
Note that because of the way that S4 dispatch finds methods and because
SQL inherits from character, if you implement (e.g.) a method for
dbQuoteString(MyConnection, character), you will also need to
implement dbQuoteString(MyConnection, SQL) - this should simply
return x unchanged.
Examples
dbQuoteIdentifier(ANSI(), "SELECT")
dbQuoteString(ANSI(), "SELECT")
# SQL vectors are always passed through as is
var_name <- SQL("SELECT")
var_name
dbQuoteIdentifier(ANSI(), var_name)
dbQuoteString(ANSI(), var_name)
# This mechanism is used to prevent double escaping
dbQuoteString(ANSI(), dbQuoteString(ANSI(), "SELECT"))
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.