Safely interpolate values into an SQL string.
sqlInterpolate(`_con`, `_sql`, ...)

## S4 method for signature 'DBIConnection'
sqlInterpolate(`_con`, `_sql`, ...)
_con | A database connection.
... | Named values to interpolate into string. All strings will be first escaped with
_sql | A SQL string containing variables to interpolate. Variables must start with a question mark and can be any valid R identifier, i.e. it must start with a letter or
If you are implementing a SQL backend with non-ANSI quoting rules, you'll need to implement a method for sqlParseVariables. Failure to do so does not expose you to SQL injection attacks, but will (rarely) result in errors matching supplied and interpolated variables.
sql <- "SELECT * FROM X WHERE name = ?name"
sqlInterpolate(ANSI(), sql, name = "Hadley")
# This is safe because the single quote has been double escaped
sqlInterpolate(ANSI(), sql, name = "H'); DROP TABLE--;")
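The following is an added example, not code from the DBI documentation: it contrasts string concatenation with sqlInterpolate on the page's own hostile value, then shows the failure mode described for backend authors. The backtick dialect, the column name `odd?col` and the helper count_vars are assumptions made for illustration.

```r
library(DBI)

# Constructed input, the same hostile value used in the page's example.
name <- "H'); DROP TABLE--;"
sql  <- "SELECT * FROM X WHERE name = ?name"

# Weak: concatenation leaves the quote unescaped, so the value closes the
# string literal and the rest is parsed as SQL.
unsafe <- paste0("SELECT * FROM X WHERE name = '", name, "'")

# Hardened: the value is quoted for the connection before substitution.
safe <- sqlInterpolate(ANSI(), sql, name = name)
print(unsafe)
print(safe)

# Text that looks like a variable inside a string literal is left alone;
# only the ?name outside the quotes is replaced.
print(sqlInterpolate(ANSI(), "SELECT '?name' AS label FROM X WHERE name = ?name",
                     name = name))

# Backend authors: the same statement parsed with ANSI quote rules and with
# an extra backtick rule (hypothetical MySQL-style dialect).
stmt <- "SELECT `odd?col` FROM X WHERE name = ?name"
ansi_quotes <- list(sqlQuoteSpec('"', '"'), sqlQuoteSpec("'", "'"))
tick_quotes <- c(ansi_quotes, list(sqlQuoteSpec("`", "`")))
comments <- list(sqlCommentSpec("/*", "*/", TRUE),
                 sqlCommentSpec("--", "\n", FALSE))

# Hypothetical helper: number of ?variables the parser finds in stmt.
count_vars <- function(quotes) {
  length(sqlParseVariablesImpl(stmt, quotes, comments)$start)
}

# ANSI rules see ?col and ?name; backtick-aware rules see only ?name.
stopifnot(count_vars(ansi_quotes) == 2L, count_vars(tick_quotes) == 1L)

# With ANSI rules the call fails on the variable mismatch instead of
# producing an injectable query.
res <- tryCatch(sqlInterpolate(ANSI(), stmt, name = name),
                error = function(e) conditionMessage(e))
print(res)
```

A backend with backtick identifiers would pass a quote list like tick_quotes to sqlParseVariablesImpl from its own sqlParseVariables method.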