Sanitizing DB inputs with XSLT

Posted by azathoth on Stack Overflow
Published on 2010-05-13T15:02:45Z

Hello

I've been looking for a method to strip my XML content of apostrophes (') like:

<name> Jim O'Connor</name>

since my DBMS is complaining of receiving those.

By looking at the example described here, that is supposed to replace ' with '', I constructed the following script:

<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output omit-xml-declaration="yes" indent="yes" />

  <xsl:template match="node()|@*">
    <xsl:copy>
      <xsl:apply-templates select="node()|@*" />
    </xsl:copy>
  </xsl:template>

  <xsl:template name="sqlApostrophe">
    <xsl:param name="string" />
    <xsl:variable name="apostrophe">'</xsl:variable>
    <xsl:choose>
      <xsl:when test="contains($string,$apostrophe)">
        <xsl:value-of select="concat(substring-before($string,$apostrophe), $apostrophe,$apostrophe)"
        disable-output-escaping="yes" />
        <xsl:call-template name="sqlApostrophe">
          <xsl:with-param name="string"
          select="substring-after($string,$apostrophe)" />
        </xsl:call-template>
      </xsl:when>
      <xsl:otherwise>
        <xsl:value-of select="$string"
        disable-output-escaping="yes" />
      </xsl:otherwise>
    </xsl:choose>
  </xsl:template>

  <xsl:template match="node()|@*">
    <xsl:apply-templates name="sqlApostrophe"/>
  </xsl:template>

</xsl:stylesheet>

However, the processor isn't accepting it. What am I missing here? Is there a better way to get rid of the apostrophes?

Perhaps another approach for sanitizing DB inputs by using XSLT?

Thanks for your help

© Stack Overflow or respective owner
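
On the closing question about another approach: the sketch below is an added example, not part of the original post. It leaves the XML untouched and passes each `<name>` value to the database as a bound parameter instead of doubling apostrophes in XSLT. It assumes Python's `sqlite3` as a stand-in for the DBMS, hypothetical tables `people` and `scratch`, and a constructed sample document.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the <name> element in the question.
SAMPLE_XML = "<people><name> Jim O'Connor</name><name>Ann Lee</name></people>"


def extract_names(xml_text):
    """Return the text of every <name> element, unchanged."""
    root = ET.fromstring(xml_text)
    return [el.text or "" for el in root.iter("name")]


def insert_concatenated(conn, name):
    """The failing pattern: the value is pasted into the SQL text, so an
    apostrophe ends the string literal early and the DBMS rejects it."""
    conn.execute("INSERT INTO scratch (name) VALUES ('" + name + "')")


def insert_bound(conn, name):
    """The value travels as a bound parameter, separate from the SQL text,
    so no character in it is ever parsed as SQL."""
    conn.execute("INSERT INTO people (name) VALUES (?)", (name,))


def load(xml_text):
    """Insert every name with a bound parameter.

    Returns (stored, rejected): the rows read back from `people`, and the
    names that the concatenated statement could not insert."""
    conn = sqlite3.connect(":memory:")  # stand-in DBMS (assumption)
    conn.execute("CREATE TABLE people (name TEXT)")   # hypothetical table
    conn.execute("CREATE TABLE scratch (name TEXT)")  # hypothetical table
    rejected = []
    for name in extract_names(xml_text):
        try:
            insert_concatenated(conn, name)
        except sqlite3.Error:
            rejected.append(name)
        insert_bound(conn, name)
    query = "SELECT name FROM people ORDER BY rowid"
    stored = [row[0] for row in conn.execute(query)]
    conn.close()
    return stored, rejected


if __name__ == "__main__":
    print(load(SAMPLE_XML))
```

The name with the apostrophe is stored exactly as it appears in the XML, so nothing has to be un-escaped when the row is read back.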