parameterized query with wildcard

[Mike Kerner]

The reason for using parameterized queries instead of either merging or
appending is because of SQL injection.

On Wed, Jul 29, 2015 at 10:18 AM, PystCat <pystcat at gmail.com> wrote:

> Why not just use merge...?
>
> Put "John" into tVal
> Put merge("SELECT * FROM foo WHERE(bar LIKE %[[tVal]])") into pSQL
> OR
> put merge("SELECT * FROM foo WHERE(bar LIKE %[[tVal]]%)") into pSQL
>
> I do this for all of my queries and it works fine.
>
> Paul
>
>
>
>
> > On Jul 29, 2015, at 9:45 AM, Mike Kerner <MikeKerner at roadrunner.com>
> wrote:
> >
> > If I was guessing, my hunch would be that including the single-quotes is
> > going to make the db look for strings containing %:1%, instead of using
> the
> > wildcards and the parameter.
> >
> > On Wed, Jul 29, 2015 at 9:31 AM, Mike Kerner <MikeKerner at roadrunner.com>
> > wrote:
> >
> >> Nope.  That doesn't work, Bob.  That returns nothing.
> >>
> >> On Tue, Jul 28, 2015 at 7:23 PM, Bob Sneidar <
> bobsneidar at iotecdigital.com>
> >> wrote:
> >>
> >>> Should be LIKE ‘:1’ or for wild cards LIKE ‘%:1%’.
> >>>
> >>> If you are searching for a value at the beginning, LIKE ‘:1%’ or at the
> >>> end, LIKE ‘%:1’
> >>>
> >>> If searching for all, column LIKE ‘%:1%’ OR column LIKE ‘:1%’ OR column
> >>> LIKE ‘%:1’
> >>>
> >>> HTH
> >>>
> >>> Bob S
> >>>
> >>>
> >>>> On Jul 28, 2015, at 08:16 , Mike Kerner <MikeKerner at roadrunner.com>
> >>> wrote:
> >>>>
> >>>> Has anybody built any queries that use both parameters and wildcards,
> >>> e.g.
> >>>> in a LIKE statement?
> >>>>
> >>>> SELECT * FROM foo WHERE bar LIKE %:1%
> >>>>
> >>>> I've tried the above (error), I've tried '%':1'%' (error), and I've
> >>> tried
> >>>> appending the % to the container I'm passing as my :1 (doesn't work).
> >>>>
> >>>> I really don't want to do this the unsafe way.
> >>>> --
> >>>> On the first day, God created the heavens and the Earth
> >>>> On the second day, God created the oceans.
> >>>> On the third day, God put the animals on hold for a few hours,
> >>>>  and did a little diving.
> >>>> And God said, "This is good."
> >>>> _______________________________________________
> >>>> use-livecode mailing list
> >>>> use-livecode at lists.runrev.com
> >>>> Please visit this url to subscribe, unsubscribe and manage your
> >>> subscription preferences:
> >>>> http://lists.runrev.com/mailman/listinfo/use-livecode
> >>>
> >>> _______________________________________________
> >>> use-livecode mailing list
> >>> use-livecode at lists.runrev.com
> >>> Please visit this url to subscribe, unsubscribe and manage your
> >>> subscription preferences:
> >>> http://lists.runrev.com/mailman/listinfo/use-livecode
> >>>
> >>
> >>
> >>
> >> --
> >> On the first day, God created the heavens and the Earth
> >> On the second day, God created the oceans.
> >> On the third day, God put the animals on hold for a few hours,
> >>   and did a little diving.
> >> And God said, "This is good."
> >>
> >
> >
> >
> > --
> > On the first day, God created the heavens and the Earth
> > On the second day, God created the oceans.
> > On the third day, God put the animals on hold for a few hours,
> >   and did a little diving.
> > And God said, "This is good."
> > _______________________________________________
> > use-livecode mailing list
> > use-livecode at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



-- 
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."