parameterized query with wildcard

Andrew Kluthe andrew at ctech.me
Tue Jul 28 18:17:04 CEST 2015


Does revDataFromQuery do any sanitizing/proper to prevent me from sneaking
extra SQL into your search box like an injection style attack, or does it
just plop whatever you give in there no questions asked? Just curious. I
have always been spoiled by SQLYoga or rolled my DB interfaces up into API
servers of some kind.

On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <dave at applicationinsight.com>
wrote:

> Mike, assuming you are searching the db with parameter pSearchTerm, try
> something like this:
>
>
> put "%" & pSearchTerm & "%" into tSearchTerm
> put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery
> get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm")
>
> -----
> "The difference between genius and stupidity is; genius has its limits." -
> Albert Einstein


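Added example, not part of the thread: it uses Python's sqlite3 in place of LiveCode's revDataFromQuery, with a constructed `foo`/`bar` table, to contrast the concatenated query the question worries about with the bound-parameter form of the reply, and to show the wildcard-escaping step the reply does not cover.

```python
import sqlite3

# Constructed rows standing in for the "foo" table with column "bar"
# used in the quoted reply.
ROWS = [("apple pie",), ("50% off apples",), ("banana split",), ("cherry_tart",)]

def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE foo (bar TEXT)")
    con.executemany("INSERT INTO foo (bar) VALUES (?)", ROWS)
    return con

def search_concat(con, term):
    # The pattern the question describes: the search term becomes part of
    # the SQL text, so a quote in it changes what the statement means.
    sql = "SELECT bar FROM foo WHERE bar LIKE '%" + term + "%'"
    return [r[0] for r in con.execute(sql)]

def search_param(con, term):
    # Equivalent of the quoted LiveCode: the wildcards are added to the
    # VALUE and the query holds only a placeholder, so the term stays data.
    sql = "SELECT bar FROM foo WHERE bar LIKE ?"
    return [r[0] for r in con.execute(sql, ("%" + term + "%",))]

def escape_like(term, esc="\\"):
    # Binding stops SQL injection but not wildcard injection: a user-typed
    # % or _ is still interpreted by LIKE. Escape them for a literal match.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_param_literal(con, term):
    # Bound parameter plus ESCAPE clause: the term matches only literally.
    sql = "SELECT bar FROM foo WHERE bar LIKE ? ESCAPE '\\'"
    return [r[0] for r in con.execute(sql, ("%" + escape_like(term) + "%",))]

if __name__ == "__main__":
    db = make_db()
    print("concat, normal term:  ", search_concat(db, "apple"))
    print("concat, quoted term:  ", search_concat(db, "' OR '1'='1"))
    print("param,  quoted term:  ", search_param(db, "' OR '1'='1"))
    print("param,  bare %:       ", search_param(db, "%"))
    print("param+escape, bare %: ", search_param_literal(db, "%"))
```

The third call returns every row because the quote ended the LIKE pattern early; the fourth returns nothing because the same text was compared as a literal, and the last two show that a bare `%` still matches everything until it is escaped.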