I think the DB#runQuery method suits your needs. It is a handy method to execute a prepared statement.
Example code:

    DB.runQuery("select * from person where name=? and age=? and state=?", List("smith", 50, "FL"))

But you still have to make a where clause generator.

DB#runQuery uses DefaultConnectionIdentifier. I want to specify a connection identifier in this method...

On Sep 10, 10:59 pm, Rogelio <rogbo...@gmail.com> wrote:
> I'm working on my first Lift project. I'm implementing a search form
> that will have several fields -- firstname, lastname, age, sex, state,
> etc. The search should allow the user to enter as little or as much
> information as they know in order to narrow the search down. So, if
> they know the lastname is "Smith" and he is "Male" then the search
> should show all males with last name smith. If the user does another
> query on smith, Male, and now adds age=50 and state="FL", then it
> should return the new, more specific query results.
>
> Question is, how to implement this dynamic search in a safe way (i.e.,
> avoid SQL injections etc). I'm thinking about using BySQL, but am
> unsure how to do
> ("where name=? and sex=?", "smith", "Male") and the next time have it be
> ("where name=? and age=? and state=?", "smith", 50, "FL")
>
> Basically, how does one safely generate the varying number of
> conditions?
>
> Thanks in advance,
> Rog
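
A sketch of the where-clause generator mentioned in the reply, added here as an example and not code from the thread or from Lift. The `PersonSearch` and `build` names and the column allow-list are assumptions; the returned pair has the `(query, params)` shape of the `DB.runQuery` call shown above.

```scala
// Added example (not from the thread): builds the SQL text and the matching
// parameter list from whichever search fields the user filled in.
// Column names come only from a fixed allow-list; user input is never
// concatenated into the SQL, it is only returned as a value to bind to a "?".
object PersonSearch {
  // Assumed allow-list; column names taken from the queries in the thread.
  private val allowed: Seq[String] = Seq("name", "sex", "age", "state")

  /** Returns (sql, params) with one "?" per parameter, in the same order. */
  def build(criteria: Map[String, Any]): (String, List[Any]) = {
    // Reject field names that are not known columns instead of passing them on.
    val unknown = criteria.keySet -- allowed
    require(unknown.isEmpty, "unknown search field(s): " + unknown.mkString(", "))

    // Walk the allow-list so the clause order is stable. Blank strings count
    // as "not specified"; values that are neither String nor Int are skipped.
    val active: Seq[(String, Any)] = allowed.flatMap { col =>
      criteria.get(col).collect {
        case s: String if s.trim.nonEmpty => (col, s.trim)
        case n: Int                       => (col, n)
      }
    }

    val where =
      if (active.isEmpty) ""
      else active.map { case (col, _) => col + "=?" }.mkString(" where ", " and ", "")

    ("select * from person" + where, active.map(_._2).toList)
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample searches, mirroring the two cases in the question.
    val searches: Seq[Map[String, Any]] = Seq(
      Map("name" -> "smith", "sex" -> "Male"),
      Map("name" -> "smith", "age" -> 50, "state" -> "FL", "sex" -> ""),
      Map("name" -> "o'brien"), // the quote needs no escaping: it is bound, not spliced
      Map.empty                 // no criteria: no where clause at all
    )
    for (criteria <- searches) {
      val (sql, params) = build(criteria)
      println(sql + "  <-  " + params)
      // With Lift on the classpath, the pair can be passed on as in the reply:
      // DB.runQuery(sql, params)
    }
  }
}
```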