I'm working on my first Lift project. I'm implementing a search form
that will have
several fields -- firstname, lastname, age, sex, state, etc. The
search should allow
the user to enter as little or as much information as they know in
order to narrow
the search down. So, if they know the lastname is "Smith" and he is
"Male" then
the search should show all males with last name smith. If the user
does another
query on smith, Male, and now adds age=50 and state="FL", then it
should return
the new, more specific query results.
Question is, how to implement this dynamic search in a safe way (ie,
avoid SQL injections
etc). I'm thinking about using BySQL, but am unsure how to do
("where name=? and sex=?", "smith", "Male") and the next time have it
be
("where name=? and age=? and state=?", "smith", 50, "FL")
Basically, how does one safely generate the varying number of
conditions?
Thanks in advance,
Rog
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Lift" group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to
liftweb+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/liftweb?hl=en
-~----------~----~----~----~------~----~------~--~---
