sqlvar: Inserts SQL variables

The sqlvar tag safely inserts variables into SQL code. This tag is used in SQL Methods.


sqlvar tag syntax:

      <dtml-sqlvar Variable|expr="VariableExpression">

The sqlvar tag is a singleton. Like the var tag, the sqlvar tag looks up a variable and inserts it. Unlike the var tag, the formatting options are tailored for SQL code.


The type of the variable. Valid types include: string, int, float and nb. nb means non-blank string and should be used in place of string unless you want to use blank strings. The type attribute is required and is used to properly escape inserted variable.
If true and the variable is null or non-existent, then nothing is inserted.


Basic usage:

      select * from employees 
        where name=<dtml-sqlvar name type="nb">

This SQL quotes the name string variable.

See Also

sqltest tag