parameterized query with wildcard

Mike Kerner MikeKerner at roadrunner.com
Tue Jul 28 12:34:20 EDT 2015


Dave,
I take that back - I must have had a typo the first time I tried it.
Appending the wildcards to the search parameter does work.

On Tue, Jul 28, 2015 at 12:28 PM, Mike Kerner <MikeKerner at roadrunner.com>
wrote:

> Dave, sorry, I thought I mentioned trying that.  It does not work.
>
> Andrew, yes, if you use a parameterized query, you do not have to
> escape/sanitize your parameters.  If you append them to build a query, you
> do.
>
> On Tue, Jul 28, 2015 at 12:18 PM, Andrew Kluthe <andrew at ctech.me> wrote:
>
>> Should have read, *proper escaping*.
>>
>> On Tue, Jul 28, 2015 at 11:17 AM Andrew Kluthe <andrew at ctech.me> wrote:
>>
>> > Does revDataFromQuery do any sanitizing/proper to prevent me from
>> > sneaking extra SQL into your search box like an injection style attack, or
>> > does it just plop whatever you give in there no questions asked? Just
>> > curious. I have always been spoiled by SQLYoga or rolled my DB interfaces
>> > up into API servers of some kind.
>> >
>> > On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <dave at applicationinsight.com>
>> > wrote:
>> >
>> >> Mike, assuming you are searching the db with parameter pSearchTerm, try
>> >> something like this:
>> >>
>> >>
>> >> -- the wildcards wrap the value; the SQL text itself is never built from input
>> >> put "%" & pSearchTerm & "%" into tSearchTerm
>> >> -- :1 is the placeholder for the first variable named after tQuery
>> >> put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery
>> >> -- the variable is passed by name and bound as data when the query runs
>> >> get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm")
>> >>
>> >> -----
>> >> "The difference between genius and stupidity is; genius has its limits."
>> >> - Albert Einstein
>> >>
>> >> _______________________________________________
>> >> use-livecode mailing list
>> >> use-livecode at lists.runrev.com
>> >> Please visit this url to subscribe, unsubscribe and manage your
>> >> subscription preferences:
>> >> http://lists.runrev.com/mailman/listinfo/use-livecode
>> >>
>> >
>>
>



-- 
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."
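An added example (not from the thread and not LiveCode's own code) that reproduces Dave's pattern, and the string concatenation it replaces, in Python's sqlite3 standing in for revDataFromQuery. The table foo and column bar come from Dave's message, the rows are constructed, and the last function goes one step beyond the thread: a bound parameter keeps the term from being parsed as SQL, but a '%' or '_' typed by the user is still a LIKE wildcard unless escaped.

```python
import sqlite3

# Constructed sample data standing in for the thread's table "foo" with column "bar".
SAMPLE_ROWS = ["apple pie", "pineapple", "O'Brien's pie", "100% cotton", "100 bottles"]


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (bar TEXT)")
    conn.executemany("INSERT INTO foo (bar) VALUES (?)", [(r,) for r in SAMPLE_ROWS])
    return conn


def search_concat(conn, term):
    """The approach the thread warns against: the term is spliced into the SQL text,
    so a quote character in the term changes the statement itself."""
    sql = "SELECT bar FROM foo WHERE bar LIKE '%" + term + "%' ORDER BY bar"
    return [row[0] for row in conn.execute(sql)]


def concat_rejects_term(conn, term):
    """True when the concatenated statement cannot even be parsed for this term."""
    try:
        search_concat(conn, term)
    except sqlite3.OperationalError:
        return True
    return False


def search_param(conn, term):
    """Dave's approach: wildcards wrap the value, the SQL keeps a placeholder.
    Whatever the term contains is bound as data, never parsed as SQL."""
    pattern = "%" + term + "%"
    rows = conn.execute("SELECT bar FROM foo WHERE bar LIKE ? ORDER BY bar", (pattern,))
    return [row[0] for row in rows]


def search_param_escaped(conn, term):
    """As search_param, but '%' and '_' inside the user's term are escaped so they
    match literally; binding stops SQL injection, not LIKE's own metacharacters."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    pattern = "%" + escaped + "%"
    rows = conn.execute(
        "SELECT bar FROM foo WHERE bar LIKE ? ESCAPE '\\' ORDER BY bar", (pattern,)
    )
    return [row[0] for row in rows]
```

Searching for "O'Brien" breaks the concatenated query outright while the bound version returns the row; searching for "100%" shows why the escaped variant exists.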