b:format.sqlsafe

<b:format.sqlsafe>...</b:format.sqlsafe>

Escapes characters in text that could be used for SQL injection.

Examples

Usage

Here is the basic usage and behavior of <b:format.sqlsafe>:
<b:value.sqlinjection set="' OR '1'='1"/>

<b:format.sqlsafe><b:value.sqlinjection/></b:format.sqlsafe>
HTML source output
\' OR \'1\'=\'1

Cleaning incoming data

Here we escape suspicious text in a fictional blog comment before presenting it on a page (and maybe later writing it to a database).
<h1>Preview your comment</h1>

<b:format.sqlsafe>
   <b:env.post.comment/>
</b:format.sqlsafe>
HTML source output
<h1>Preview your comment</h1>
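
The preview-then-store flow described above, as an added Python example that is not part of the original documentation. `backslash_escape` is a hypothetical stand-in that assumes the tag only puts a backslash before each single quote, as the sample output shows; SQLite is an assumed database, chosen because it does not treat backslash as an escape character.

```python
import html
import sqlite3

def backslash_escape(text):
    # Hypothetical stand-in for the tag (assumption): backslash before each
    # single quote, which is all the page's sample output shows.
    return text.replace("'", "\\'")

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    return db

def store_concatenated(db, comment):
    # Escaped text spliced into the statement. SQLite escapes a quote by
    # doubling it and treats backslash as an ordinary character, so the
    # quote still ends the string literal.
    sql = "INSERT INTO comments (body) VALUES ('" + backslash_escape(comment) + "')"
    try:
        db.execute(sql)
        return "stored"
    except sqlite3.Error as exc:
        return "rejected: " + type(exc).__name__

def store_parameterized(db, comment):
    # The raw comment travels as a bound value and is never parsed as SQL.
    db.execute("INSERT INTO comments (body) VALUES (?)", (comment,))
    row = db.execute("SELECT body FROM comments ORDER BY id DESC LIMIT 1").fetchone()
    return row[0]

def preview(comment):
    # The preview is an HTML context, so it needs HTML encoding.
    return "<h1>Preview your comment</h1>\n" + html.escape(comment)

# Constructed sample inputs: the page's test value and an ordinary comment.
SAMPLES = ["' OR '1'='1", "It's <b>great</b>"]

if __name__ == "__main__":
    db = new_db()
    for sample in SAMPLES:
        print(repr(backslash_escape(sample)))
        print(store_concatenated(db, sample))
        print(repr(store_parameterized(db, sample)))
        print(preview(sample))
```

SQLite rejects both concatenated inserts as malformed statements, while the bound-parameter inserts store each comment unchanged.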