parameterized query with wildcard

Mike Kerner MikeKerner at roadrunner.com
Tue Jul 28 18:28:07 CEST 2015


Dave, sorry, I thought I mentioned trying that.  It does not work.

Andrew, yes, if you use a parameterized query, you do not have to
escape/sanitize your parameters.  If you append them to build a query, you
do.

On Tue, Jul 28, 2015 at 12:18 PM, Andrew Kluthe <andrew at ctech.me> wrote:

> Should have read, *proper escaping*.
>
> On Tue, Jul 28, 2015 at 11:17 AM Andrew Kluthe <andrew at ctech.me> wrote:
>
> > Does revDataFromQuery do any sanitizing/proper to prevent me from
> sneaking
> > extra SQL into your search box like an injection style attack, or does it
> > just plop whatever you give in there no questions asked? Just curious. I
> > have always been spoiled by SQLYoga or rolled my DB interfaces up into
> API
> > servers of some kind.
> >
> > On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <
> dave at applicationinsight.com>
> > wrote:
> >
> >> Mike, assuming you are searching the db with parameter pSearchTerm, try
> >> something like this:
> >>
> >>
> >> put "%" & pSearchTerm & "%" into tSearchTerm
> >> put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery
> >> get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm")
> >>
> >>
> >>
> >>
> >>
> >>
> >> -----
> >> "The difference between genius and stupidity is; genius has its limits."
> >> - Albert Einstein
> >> --
> >> View this message in context:
> >>
> http://runtime-revolution.278305.n4.nabble.com/parameterized-query-with-wildcard-tp4694407p4694419.html
> >> Sent from the Revolution - User mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> use-livecode mailing list
> >> use-livecode at lists.runrev.com
> >> Please visit this url to subscribe, unsubscribe and manage your
> >> subscription preferences:
> >> http://lists.runrev.com/mailman/listinfo/use-livecode
> >>
> >
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



-- 
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."


More information about the use-livecode mailing list