Sanitizing DB inputs with XSLT

Posted by azathoth on Stack Overflow See other posts from Stack Overflow or by azathoth
Published on 2010-05-13T15:02:45Z Indexed on 2010/05/13 15:04 UTC
Read the original article Hit count: 259

Filed under:
|
|
|
|

Hello

I've been looking for a method to strip my XML content of apostrophes (') like:

<name> Jim O'Connor</name>

since my DBMS is complaining of receiving those.

By looking at the example described here, that is supposed to replace ' with '', I constructed the following script:

<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output omit-xml-declaration="yes" indent="yes" />

  <xsl:template match="node()|@*">
    <xsl:copy>
      <xsl:apply-templates select="node()|@*" />
    </xsl:copy>
  </xsl:template>

  <xsl:template name="sqlApostrophe">
    <xsl:param name="string" />
    <xsl:variable name="apostrophe">'</xsl:variable>
    <xsl:choose>
      <xsl:when test="contains($string,$apostrophe)">
        <xsl:value-of select="concat(substring-before($string,$apostrophe), $apostrophe,$apostrophe)"
        disable-output-escaping="yes" />
        <xsl:call-template name="sqlApostrophe">
          <xsl:with-param name="string"
          select="substring-after($string,$apostrophe)" />
        </xsl:call-template>
      </xsl:when>
      <xsl:otherwise>
        <xsl:value-of select="$string"
        disable-output-escaping="yes" />
      </xsl:otherwise>
    </xsl:choose>
  </xsl:template>

  <xsl:template match="node()|@*">
 <xsl:apply-templates name="sqlApostrophe"/>
  </xsl:template>

</xsl:stylesheet>

However, the processor isn't accepting it. What am I missing here? Is there a better way to get rid of the apostrophes?

Perhaps another approach for sanitizing DB inputs by using XSLT?

Thanks for your help

© Stack Overflow or respective owner

Related posts about xslt

Related posts about sql