I'm working on a small project of re-implementing all of the SQL for a web
site.  The task is pretty trivial, but overall there are some minor things that
I'm trying to code through.

We've moved much of the logic over to stored procs and call them with
parameterized queries.  This works well since there isn't much injection attack
possibility on these.  Now I have one query left, which allows for an arbitrary
number of search parameters, all using AND.

Has anyone accomplished converting something like this to a stored proc in MySQL?

Logically I could pass the parameters in as an array of words, or a wordlist
to be broken up inside the proc, but I don't want to spend a bunch of time
either reinventing the wheel or working toward a goal that can't be accomplished.

We could build the base query dynamically in the code using standard SQL and
bind the parameters to it that way, but since we've moved everything else to
procs I figured I'd look into this as well.

BTW, this is a project I was brought onto after they found they had a SQL
injection bug in their code that was exploited...
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/mysql?unsub=arch...@jab.org
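One way to do the wordlist approach without building any SQL text inside the proc, as an added example that is not from the original post or the list: the words are split into a temporary table and matched with a join, so they only ever travel as values. It assumes a table `articles(id INT PRIMARY KEY, body TEXT)` and a comma-separated word list; both names are assumptions.

```sql
-- Added example, not from the original post. Assumes a table
--   articles(id INT PRIMARY KEY, body TEXT)
-- and a comma-separated word list such as 'mysql, injection'.
DELIMITER //

CREATE PROCEDURE search_articles(IN p_words VARCHAR(1000))
BEGIN
  DECLARE v_words VARCHAR(1001);
  DECLARE v_word  VARCHAR(255);
  DECLARE v_pos   INT;
  DECLARE v_n     INT;

  -- Scratch table for the words: each word becomes a value, never part of
  -- the SQL text, so there is no string-built statement to inject into.
  DROP TEMPORARY TABLE IF EXISTS tmp_terms;
  CREATE TEMPORARY TABLE tmp_terms (term VARCHAR(255) NOT NULL PRIMARY KEY);

  -- Split on commas, skipping empty entries; INSERT IGNORE drops duplicates.
  SET v_words = CONCAT(TRIM(p_words), ',');
  WHILE LENGTH(v_words) > 0 DO
    SET v_pos   = LOCATE(',', v_words);
    SET v_word  = TRIM(SUBSTRING(v_words, 1, v_pos - 1));
    SET v_words = SUBSTRING(v_words, v_pos + 1);
    IF v_word <> '' THEN
      INSERT IGNORE INTO tmp_terms (term) VALUES (v_word);
    END IF;
  END WHILE;
  -- Read the count into a variable: a TEMPORARY table cannot be referenced
  -- twice in one query, so the count is not taken in the SELECT below.
  SELECT COUNT(*) INTO v_n FROM tmp_terms;

  -- "All terms AND-ed": a row qualifies when the number of distinct terms it
  -- matches equals the total number of terms. LIKE metacharacters in the
  -- user's words are escaped so '%' or '_' cannot widen the search.
  SELECT a.id, a.body
  FROM articles AS a
  JOIN tmp_terms AS t
    ON a.body LIKE CONCAT('%',
         REPLACE(REPLACE(REPLACE(t.term, '\\', '\\\\'), '%', '\\%'), '_', '\\_'),
         '%')
  GROUP BY a.id
  HAVING COUNT(DISTINCT t.term) = v_n;
END //

DELIMITER ;

-- Application code passes the whole list as one bound parameter:
CALL search_articles('mysql, injection');
```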
