parameterized query with wildcard
MikeKerner at roadrunner.com
Tue Jul 28 18:28:07 CEST 2015
Dave, sorry, I thought I mentioned trying that. It does not work.
Andrew, yes, if you use a parameterized query, you do not have to
escape/sanitize your parameters. If you append them to build a query, you
On Tue, Jul 28, 2015 at 12:18 PM, Andrew Kluthe <andrew at ctech.me> wrote:
> Should have read, *proper escaping*.
> On Tue, Jul 28, 2015 at 11:17 AM Andrew Kluthe <andrew at ctech.me> wrote:
> > Does revDataFromQuery do any sanitizing/proper to prevent me from
> > extra SQL into your search box like an injection style attack, or does it
> > just plop whatever you give in there no questions asked? Just curious. I
> > have always been spoiled by SQLYoga or rolled my DB interfaces up into
> > servers of some kind.
> > On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <dave at applicationinsight.com> wrote:
> >> Mike, assuming you are searching the db with parameter pSearchTerm, try
> >> something like this:
> >> put "%" & pSearchTerm & "%" into tSearchTerm
> >> put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery
> >> get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm")
> >> -----
> >> "The difference between genius and stupidity is; genius has its limits."
> >> - Albert Einstein
> >> _______________________________________________
> >> use-livecode mailing list
> >> use-livecode at lists.runrev.com
> >> Please visit this url to subscribe, unsubscribe and manage your
> >> subscription preferences:
> >> http://lists.runrev.com/mailman/listinfo/use-livecode
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
and did a little diving.
And God said, "This is good."
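The point Dave and Mike make above (wrap the wildcards around the value in the host variable, keep only a placeholder in the SQL text) as an added example that is not from this thread, written in Python with sqlite3 rather than LiveCode's revDataFromQuery; the table, rows and function names are constructed for the demo. It also shows the caveat a LIKE search still has even when parameterized: a % or _ typed by the user is still a wildcard unless escaped.

```python
import sqlite3

# Constructed sample data (not from the thread): a "foo" table with a "bar" column.
ROWS = [("alpha",), ("O'Brien",), ("50% off",), ("beta_test",), ("betaXtest",)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (bar TEXT)")
    conn.executemany("INSERT INTO foo VALUES (?)", ROWS)
    return conn


def search_concat(conn, term):
    # The risky pattern: the user's term is spliced into the SQL text, so a
    # quote in the term changes the statement itself (see concat_rejects).
    query = "SELECT bar FROM foo WHERE bar LIKE '%" + term + "%'"
    return sorted(r[0] for r in conn.execute(query))


def concat_rejects(conn, term):
    # True when the concatenated statement no longer parses for this term.
    try:
        search_concat(conn, term)
        return False
    except sqlite3.OperationalError:
        return True


def search_param(conn, term):
    # Dave's approach: wildcards are added around the value in the host
    # variable; the SQL text carries only a placeholder, so the term is data.
    pattern = "%" + term + "%"
    rows = conn.execute("SELECT bar FROM foo WHERE bar LIKE ?", (pattern,))
    return sorted(r[0] for r in rows)


def search_param_literal(conn, term):
    # Caveat: '%' and '_' inside the user's term are still LIKE wildcards.
    # Escape them and name the escape character so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    pattern = "%" + escaped + "%"
    rows = conn.execute("SELECT bar FROM foo WHERE bar LIKE ? ESCAPE '\\'", (pattern,))
    return sorted(r[0] for r in rows)
```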