Nothing
R/dbQuoteIdentifier.R
In DBI: R Database Interface
#' Quote identifiers
#'
#' Call this method to generate a string that is suitable for
#' use in a query as a column or table name, to make sure that you
#' generate valid SQL and protect against SQL injection attacks. The inverse
#' operation is [dbUnquoteIdentifier()].
#'
#' @inheritParams dbGetQuery
#' @param x A character vector, [SQL] or [Id] object to quote as identifier.
#' @param ... Other arguments passed on to methods.
#'
#' @template methods
#' @templateVar method_name dbQuoteIdentifier
#'
#' @inherit DBItest::spec_sql_quote_identifier return
#' @inheritSection DBItest::spec_sql_quote_identifier Failure modes
#' @inheritSection DBItest::spec_sql_quote_identifier Specification
#'
#' @family DBIResult generics
#' @export
#' @examples
#' # Quoting ensures that arbitrary input is safe for use in a query
#' name <- "Robert'); DROP TABLE Students;--"
#' dbQuoteIdentifier(ANSI(), name)
#'
#' # Use Id() to specify other components such as the schema
#' id_name <- Id(schema = "schema_name", table = "table_name")
#' id_name
#' dbQuoteIdentifier(ANSI(), id_name)
#'
#' # SQL vectors are always passed through as is
#' var_name <- SQL("select")
#' var_name
#' dbQuoteIdentifier(ANSI(), var_name)
#'
#' # This mechanism is used to prevent double escaping
#' dbQuoteIdentifier(ANSI(), dbQuoteIdentifier(ANSI(), name))
setGeneric("dbQuoteIdentifier",
def = function(conn, x, ...) standardGeneric("dbQuoteIdentifier")
)
Try the DBI package in your browser
Any scripts or data that you put into this service are public.
DBI documentation built on June 18, 2022, 9:06 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
#' Quote identifiers
#'
#' Call this method to generate a string that is suitable for
#' use in a query as a column or table name, to make sure that you
#' generate valid SQL and protect against SQL injection attacks. The inverse
#' operation is [dbUnquoteIdentifier()].
#'
#' @inheritParams dbGetQuery
#' @param x A character vector, [SQL] or [Id] object to quote as identifier.
#' @param ... Other arguments passed on to methods.
#'
#' @template methods
#' @templateVar method_name dbQuoteIdentifier
#'
#' @inherit DBItest::spec_sql_quote_identifier return
#' @inheritSection DBItest::spec_sql_quote_identifier Failure modes
#' @inheritSection DBItest::spec_sql_quote_identifier Specification
#'
#' @family DBIResult generics
#' @export
#' @examples
#' # Quoting ensures that arbitrary input is safe for use in a query
#' name <- "Robert'); DROP TABLE Students;--"
#' dbQuoteIdentifier(ANSI(), name)
#'
#' # Use Id() to specify other components such as the schema
#' id_name <- Id(schema = "schema_name", table = "table_name")
#' id_name
#' dbQuoteIdentifier(ANSI(), id_name)
#'
#' # SQL vectors are always passed through as is
#' var_name <- SQL("select")
#' var_name
#' dbQuoteIdentifier(ANSI(), var_name)
#'
#' # This mechanism is used to prevent double escaping
#' dbQuoteIdentifier(ANSI(), dbQuoteIdentifier(ANSI(), name))
setGeneric("dbQuoteIdentifier",
def = function(conn, x, ...) standardGeneric("dbQuoteIdentifier")
)
Try the DBI package in your browser
Any scripts or data that you put into this service are public.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.