parameterized query with wildcard
PystCat
pystcat at gmail.com
Wed Jul 29 11:28:41 EDT 2015
Not a problem... Scrub the variable before the merge... It's what I do as well. I have a function that takes the input and scrubs it... I'm away for another week but if you're interested, when I get back I can post the handler.
> On Jul 29, 2015, at 10:35 AM, Mike Kerner <MikeKerner at roadrunner.com> wrote:
>
> The reason for using parameterized queries instead of either merging or
> appending is because of SQL injection.
>
>> On Wed, Jul 29, 2015 at 10:18 AM, PystCat <pystcat at gmail.com> wrote:
>>
>> Why not just use merge...?
>>
>> Put "John" into tVal
>> Put merge("SELECT * FROM foo WHERE(bar LIKE %[[tVal]])") into pSQL
>> OR
>> put merge("SELECT * FROM foo WHERE(bar LIKE %[[tVal]]%)") into pSQL
>>
>> I do this for all of my queries and it works fine.
>>
>> Paul
>>
>>
>>
>>
>>> On Jul 29, 2015, at 9:45 AM, Mike Kerner <MikeKerner at roadrunner.com> wrote:
>>>
>>> If I was guessing, my hunch would be that including the single-quotes is
>>> going to make the db look for strings containing %:1%, instead of using the
>>> wildcards and the parameter.
>>>
>>> On Wed, Jul 29, 2015 at 9:31 AM, Mike Kerner <MikeKerner at roadrunner.com> wrote:
>>>
>>>> Nope. That doesn't work, Bob. That returns nothing.
>>>>
>>>> On Tue, Jul 28, 2015 at 7:23 PM, Bob Sneidar <bobsneidar at iotecdigital.com> wrote:
>>>>
>>>>> Should be LIKE ':1' or for wild cards LIKE '%:1%'.
>>>>>
>>>>> If you are searching for a value at the beginning, LIKE ':1%' or at the
>>>>> end, LIKE '%:1'
>>>>>
>>>>> If searching for all, column LIKE '%:1%' OR column LIKE ':1%' OR column
>>>>> LIKE '%:1'
>>>>>
>>>>> HTH
>>>>>
>>>>> Bob S
>>>>>
>>>>>
>>>>>> On Jul 28, 2015, at 08:16, Mike Kerner <MikeKerner at roadrunner.com> wrote:
>>>>>>
>>>>>> Has anybody built any queries that use both parameters and wildcards, e.g.
>>>>>> in a LIKE statement?
>>>>>>
>>>>>> SELECT * FROM foo WHERE bar LIKE %:1%
>>>>>>
>>>>>> I've tried the above (error), I've tried '%':1'%' (error), and I've tried
>>>>>> appending the % to the container I'm passing as my :1 (doesn't work).
>>>>>>
>>>>>> I really don't want to do this the unsafe way.
>>>>>> --
>>>>>> On the first day, God created the heavens and the Earth
>>>>>> On the second day, God created the oceans.
>>>>>> On the third day, God put the animals on hold for a few hours,
>>>>>> and did a little diving.
>>>>>> And God said, "This is good."
>>>>>> _______________________________________________
>>>>>> use-livecode mailing list
>>>>>> use-livecode at lists.runrev.com
>>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>>> subscription preferences:
>>>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
More information about the use-livecode
mailing list
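
An added example, not code from the thread or from LiveCode: Python's sqlite3 running the parameter-plus-wildcard LIKE query the thread asks about, with the wildcards concatenated in SQL and the search term passed only as a bound value. It assumes a database with the `||` concatenation operator (SQLite here), uses sqlite3's `?` placeholder where the thread writes `:1`, and the helper names and sample rows are constructed for illustration.

```python
import sqlite3

def like_escape(term, esc="\\"):
    """Escape LIKE metacharacters so user-supplied % and _ match literally."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def make_db():
    # Constructed sample rows; table foo and column bar follow the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foo (bar TEXT)")
    db.executemany("INSERT INTO foo VALUES (?)",
                   [("John",), ("Johnny",), ("O'Brien",),
                    ("100% sure",), ("%:1%",)])
    return db

def quoted_placeholder(db):
    # Inside quotes, :1 is part of a string literal and no parameter exists,
    # so the pattern matches only rows that literally contain ":1".
    sql = "SELECT bar FROM foo WHERE bar LIKE '%:1%'"
    return [r[0] for r in db.execute(sql)]

# Fixed SQL fragments: the wildcards live in the statement, never in user data.
PATTERNS = {
    "contains": "'%' || ? || '%'",
    "prefix": "? || '%'",
    "suffix": "'%' || ?",
}

def search(db, term, mode="contains"):
    # The statement is assembled from constants only; term is always bound.
    sql = ("SELECT bar FROM foo WHERE bar LIKE " + PATTERNS[mode] +
           " ESCAPE '\\' ORDER BY bar")
    return [r[0] for r in db.execute(sql, (like_escape(term),))]

if __name__ == "__main__":
    db = make_db()
    print(quoted_placeholder(db))          # literal match only
    print(search(db, "John"))              # substring match via bound value
    print(search(db, "O'Brien"))           # quote in data needs no scrubbing
    print(search(db, "' OR '1'='1"))       # treated as data, matches nothing
    print(search(db, "%"))                 # finds rows with a literal percent
```

On engines without `||` string concatenation, the same pattern is built with that engine's concatenation function around the placeholder.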