Forums
Terrell inherited some database stored procedures. Like all good, Enterprisey stored procedures, it was written in PL/SQL. Unlike most Enterprisey procedures, it had a clear purpose: to clean your dirty inputs.
The actual problem: based on user input, the PL/SQL code needed to write a temporary file to the filesystem. Since user input is full of filthy, illicit characters, this procedure needs to clean them up.
PROCEDURE p_clean_name (
p_file_name IN VARCHAR2,
p_file_name_end OUT VARCHAR2
)
---------------------------------------------------------------------------------------------------
-- Purpose: Clean the file name removing all dirty characters
----------------------------------------------------------------------------------------------------
IS
l_function_name VARCHAR2 (64) := 'p_clean_name';
BEGIN
p_file_name_end :=
REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(REPLACE
(TRIM
(p_file_name
),
'/',
'_'
),
'*',
'_'
),
'%',
'_'
),
'ù',
'_'
),
'ò',
'_'
),
'à',
'_'
),
'è',
'_'
),
'ù',
'_'
),
'ì',
'_'
),
'é',
'_'
),
'°',
'_'
),
'$',
'_'
),
'£',
'_'
),
'&',
'_'
),
'?',
'_'
),
'§',
'_'
),
'^',
'_'
),
'(',
'_'
),
')',
'_'
),
'\',
'_'
),
'#',
'_'
),
'+',
'_'
),
'[',
'_'
),
']',
'_'
),
';',
'_'
),
':',
'_'
),
'@',
'_'
),
'ç',
'_'
),
'<',
'_'
),
'>',
'_'
),
'.',
'_'
),
' ',
'_'
);
EXCEPTION
WHEN OTHERS
THEN
p_handle_log ('X',
SQLCODE ||'-'|| SQLERRM || '- ' || DBMS_UTILITY.format_error_backtrace(),
l_function_name,
null,
null
);
END;Well, something is dirty in here.
[Advertisement]
BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!