cocoon-users mailing list archives

From "Askild Aaberg Olsen" <>
Subject Re: SQL Transformer generates illegal element names
Date Wed, 11 Feb 2004 13:32:34 GMT
> > This is a standard SQL-feature, that should work in any SQL-compliant
> > database (at least I know it works in MSSQL and DB2 also). But I guess
> > that the problem is that Johann lets the user enter SQL directly,
> > losing control of what's submitted to the DB. (which seems like a huge
> > security risk, but I guess that this is addressed elsewhere in the
> > application...)
> >
> > Johann - if you are brave ;) - you could use XSLT to parse the
> > submitted SQL, and then extend the SELECT-clause with aliases?
> :) indeed he would need to be pretty darn brave to parse a SQL statement
> using XSLT.
> Less braveness though required with antlr, I'm sure there are few SQL92
> grammars around that suit his needs.
> Alternatively there are various opensource java relational databases
> around, they must have already done the hard work.
> Jorg

Not necessarily, since you don't have to parse the entire SQL-grammar (that
would have been stupid in XSLT, not brave... ;)
This is a simplified, untested template-match that could do the trick:

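<!-- str:tokenize is the EXSLT strings function; the stylesheet must declare
     xmlns:str="http://exslt.org/strings" -->
<xsl:template match="sql:query">
	<xsl:copy>
		<xsl:copy-of select="@*"/>
		<!-- ensure CASE on keywords -->
		<xsl:variable name="sql" select="translate(., 'fromselect', 'FROMSELECT')"/>
		<!-- Re-emit the SELECT keyword that substring-after() consumes below -->
		<xsl:text>SELECT</xsl:text>
		<!-- Go through every select column -->
		<xsl:for-each select="str:tokenize(substring-before(substring-after($sql, 'SELECT'), 'FROM'), ',')">
			<xsl:value-of select="."/>
			<!-- Check if it contains illegal characters for XML-names.
			     The second argument is a placeholder: replace it with the
			     actual list of characters not allowed in an NCName. -->
			<xsl:if test="string-length(translate(., 'all characters not allowed in XML NCNAME', '')) != string-length(.)">
				<!-- If so, set the column name to x1, x2, etc. -->
				<xsl:text> AS x</xsl:text>
				<xsl:value-of select="position()"/>
			</xsl:if>
			<xsl:if test="position() != last()">,</xsl:if>
		</xsl:for-each>
		<!-- Output the rest of the SQL -->
		<xsl:text> FROM</xsl:text>
		<xsl:value-of select="substring-after($sql, 'FROM')"/>
	</xsl:copy>
</xsl:template>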
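
The aliasing idea from this message, as an added example in Python (not the poster's XSLT and not Cocoon code): it splits the SELECT list only on top-level commas and ignores `FROM` inside parentheses or quotes, two cases that plain `substring-before` and `str:tokenize` split in the wrong place. The function names and sample queries are constructed for illustration, and the NCName test is an ASCII-only approximation.

```python
import re

# ASCII-only approximation of the XML NCName production (assumption for this
# example; the real production also admits many non-ASCII letters).
NCNAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*\Z")

def mask(sql):
    """Same-length copy of sql with quoted and parenthesised text blanked."""
    out, depth, quote = [], 0, None
    for ch in sql:
        keep = False
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        else:
            keep = depth == 0
        out.append(ch if keep else " ")
    return "".join(out)

def add_aliases(sql):
    """Alias every SELECT column whose label is not a usable element name."""
    flat = mask(sql)
    head = re.match(r"\s*SELECT\s", flat, re.I)
    tail = re.search(r"\sFROM\s", flat, re.I)   # first top-level FROM only
    if not head or not tail:
        raise ValueError("expected a single SELECT ... FROM statement")
    start, end = head.end(), tail.start()
    cuts = [i for i in range(start, end) if flat[i] == ","]
    bounds = [start] + [c + 1 for c in cuts], cuts + [end]
    out = []
    for n, col in enumerate((sql[a:b].strip() for a, b in zip(*bounds)), 1):
        # Only explicit "AS alias" is recognised; implicit aliases are not.
        hits = list(re.finditer(r"\sAS\s", mask(col), re.I))
        expr = col[:hits[-1].start()] if hits else col
        label = col[hits[-1].end():].strip() if hits else col
        if NCNAME.match(label) or col == "*" or col.endswith(".*"):
            out.append(col)                  # usable name, or * which cannot be aliased
        else:
            out.append(f"{expr} AS x{n}")    # x1, x2, ... as in the message
    return "SELECT " + ", ".join(out) + " FROM " + sql[tail.end():]
```

The rewrite only changes result column labels; it places no limit on what a user-entered statement can do in the database.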

