cocoon-users mailing list archives

From "Askild Aaberg Olsen" <ask...@xangeli.com>
Subject Re: SQL Transformer generates illegal element names
Date Wed, 11 Feb 2004 13:32:34 GMT
> > This is a standard SQL-feature, that should work in any SQL-compliant
> > database (at least I know it works in MSSQL and DB2 also). But I guess
> > that the problem is that Johann lets the user enter SQL directly,
> > losing control of what's submitted to the DB. (which seems like a huge
> > security risk, but I guess that this is addressed elsewhere in the
> > application...)
> >
> > Johann - if you are brave ;) - you could use XSLT to parse the
> > submitted SQL, and then extend the SELECT-clause with aliases?
> :) indeed he would need to be pretty darn brave to parse a SQL statement
> using XSLT.
>
> Less braveness though required with antlr, I'm sure there are few SQL92
> grammars around that suit his needs.
>
> Alternatively there are various opensource Java relational databases
> around, they must have already done the hard work.
>
> Jorg

Not necessarily, since you don't have to parse the entire SQL-grammar (that
would have been stupid in XSLT, not brave... ;)
This is a simplified, untested template-match that could do the trick:

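<!-- Fragment: the stylesheet must declare the xsl, sql and str (EXSLT strings) namespace prefixes -->
<xsl:template match="sql:query">
	<xsl:copy>
		<xsl:copy-of select="@*"/>
		<!-- ensure CASE on keywords: upper-case a copy used only to locate them, so the query text itself is left as submitted -->
		<xsl:variable name="sql" select="string(.)"/>
		<xsl:variable name="upper" select="translate($sql, 'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
		<xsl:variable name="colsStart" select="string-length(substring-before($upper, 'SELECT')) + 7"/>
		<xsl:variable name="fromPos" select="string-length(substring-before($upper, 'FROM')) + 1"/>
		<!-- Representative subset of the characters not allowed in an XML NCName; extend as needed -->
		<xsl:variable name="illegal">()*+/'"|%=:</xsl:variable>
		<xsl:text>SELECT</xsl:text>
		<!-- Go through every select column -->
		<xsl:for-each select="str:tokenize(substring($sql, $colsStart, $fromPos - $colsStart), ',')">
			<xsl:value-of select="."/>
			<!-- Check if it contains illegal characters for XML-names -->
			<xsl:if test="string-length(translate(., $illegal, '')) != string-length(.)">
				<!-- If so, set the column name to x1, x2, etc. -->
				<xsl:text> AS x</xsl:text>
				<xsl:value-of select="position()"/>
			</xsl:if>
			<xsl:if test="position() != last()">,</xsl:if>
		</xsl:for-each>
		<!-- Output the rest of the SQL -->
		<xsl:text> FROM</xsl:text>
		<xsl:value-of select="substring($sql, $fromPos + 4)"/>
	</xsl:copy>
</xsl:template>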

Askild
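
The same select-list rewrite in Python, as an added example that is not part of the original message or of Cocoon. It goes beyond the template above by ignoring commas and keywords inside parentheses and quoted strings; the function names are hypothetical, and it assumes a single SELECT ... FROM statement whose aliases are written with AS.

```python
import re
# Plain, optionally qualified column reference: its label is already XML-safe.
PLAIN = re.compile(r"[A-Za-z_]\w*(\.[A-Za-z_]\w*)*\Z", re.ASCII)
SAMPLE = "select name, count(*), price * 1.2 from items"  # constructed input

def top_level(sql):
    """Yield (index, char) for characters outside quotes and parentheses."""
    depth, quote = 0, None
    for i, ch in enumerate(sql):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch in "()":
            depth += 1 if ch == "(" else -1
        elif depth == 0:
            yield i, ch

def find_keyword(sql, word, start=0):
    """Index of a whole-word, top-level keyword at or after start, else -1."""
    visible = {i for i, _ in top_level(sql)}
    for m in re.finditer(rf"\b{word}\b", sql, re.I):
        if m.start() >= start and m.start() in visible:
            return m.start()
    return -1

def split_columns(cols):
    """Split the select list on commas not inside parentheses or quotes."""
    parts, prev = [], 0
    for cut in [i for i, ch in top_level(cols) if ch == ","] + [len(cols)]:
        parts.append(cols[prev:cut])
        prev = cut + 1
    return parts

def alias_columns(sql):
    """Add ' AS xN' to every select column whose label is not XML-safe."""
    s = find_keyword(sql, "SELECT")
    f = find_keyword(sql, "FROM", s + 6) if s >= 0 else -1
    if f < 0:
        raise ValueError("expected a single SELECT ... FROM statement")
    out = []
    for n, col in enumerate(split_columns(sql[s + 6:f]), 1):
        expr = col.strip()
        a = find_keyword(expr, "AS")
        label = expr[a + 2:].strip() if a >= 0 else expr
        if expr == "*" or expr.endswith(".*") or PLAIN.match(label):
            out.append(expr)  # label is already usable as an element name
        else:  # no alias, or an alias that is not a plain identifier
            out.append((expr[:a].rstrip() if a >= 0 else expr) + f" AS x{n}")
    return sql[:s] + "SELECT " + ", ".join(out) + " " + sql[f:]
```

The rewrite only changes the labels of the result columns; it places no restriction on what a user-submitted statement can do in the database.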

