You could translate the query predicates you are creating from the
input to a list of By objects. E.g., take age=50 and transform it into
By(User.age, 50). Then take your list and findAll(predicates: _*).

On 2009-09-10, at 9:59, Rogelio <rogbo...@gmail.com> wrote:

> I'm working on my first Lift project.  I'm implementing a search form
> that will have several fields -- firstname, lastname, age, sex, state,
> etc.  The search should allow the user to enter as little or as much
> information as they know in order to narrow the search down.  So, if
> they know the lastname is "Smith" and he is "Male" then the search
> should show all males with last name smith.  If the user does another
> query on smith, Male, and now adds age=50 and state="FL", then it
> should return the new, more specific query results.
>
> Question is, how to implement this dynamic search in a safe way (i.e.,
> avoid SQL injections etc.).  I'm thinking about using BySQL, but am
> unsure how to do
> ("where name=? and sex=?", "smith", "Male") and the next time have it be
> ("where name=? and age=? and state=?", "smith", 50, "FL")
>
> Basically, how does one safely generate the varying number of
> conditions?
>
> Thanks in advance,
> Rog
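
The suggestion in the reply above, written out as an added example (not code from the thread or from the Lift project): an allow-list maps each form key to a typed `By` predicate, so the set of columns is fixed in code and user input is only ever passed as a comparison value. The `User` model, its field names and sizes, the `UserSearch` object and the form keys are assumptions; `By`, `QueryParam` and `findAll` are Lift Mapper's, which must be on the classpath with a database connection configured.

```scala
import net.liftweb.mapper._
import scala.util.Try

// Hypothetical model for the search form (field names and sizes are assumptions).
class User extends LongKeyedMapper[User] with IdPK {
  def getSingleton = User
  object firstName extends MappedString(this, 64)
  object lastName  extends MappedString(this, 64)
  object sex       extends MappedString(this, 8)
  object state     extends MappedString(this, 2)
  object age       extends MappedInt(this)
}
object User extends User with LongKeyedMetaMapper[User]

object UserSearch {
  // Allow-list: form key -> function turning the raw string into a predicate.
  // Keys not listed here are never read, so a request cannot name its own columns.
  private val builders: List[(String, String => Option[QueryParam[User]])] = List(
    "firstname" -> ((v: String) => Some(By(User.firstName, v))),
    "lastname"  -> ((v: String) => Some(By(User.lastName, v))),
    "sex"       -> ((v: String) => Some(By(User.sex, v))),
    "state"     -> ((v: String) => Some(By(User.state, v))),
    // Non-numeric age input yields no predicate instead of reaching the query.
    "age"       -> ((v: String) => Try(v.toInt).toOption.map(n => By(User.age, n)))
  )

  // One predicate per field the user actually filled in; blanks are skipped.
  def predicates(form: Map[String, String]): List[QueryParam[User]] =
    builders.flatMap { case (key, build) =>
      form.get(key).map(_.trim).filter(_.nonEmpty).flatMap(build).toList
    }

  def search(form: Map[String, String]): List[User] = {
    val ps = predicates(form)
    // Refuse an empty search rather than returning every row.
    if (ps.isEmpty) Nil else User.findAll(ps: _*)
  }
}
```

Calling `UserSearch.search(Map("lastname" -> "Smith", "sex" -> "Male"))` and later adding `"age" -> "50"` and `"state" -> "FL"` to the map produces the two queries from the question without any SQL string being assembled by hand.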
