Ben Wiechman
Network Administrator
Wisper High Speed Internet
Office: 866.394.7737
Direct: 320.256.0184
Cell: 320.247.3224
b...@wisper-wireless.com

> -----Original Message-----
> From: Gary Smith [mailto:g...@primeexalia.com]
> Sent: Friday, March 27, 2009 12:59 PM
> To: mysql@lists.mysql.com
> Subject: [MySQL] Search based where claused and stored proc
>
> I'm working on a small project of re-implementing all of the sql for a
> web site. The task is pretty trivial but overall there are some minor
> things that I'm trying to code through.
>
> We've moved much of the logic over to stored procs and call them with
> parameterized queries. This works well since there isn't much inject
> attack possibility on these. Now I have one query left, which allows
> for an arbitrary number of search parameters, all using AND.
>
> Has anyone accomplished converting something like this to a stored proc
> in mysql?
>
> Logically I could pass in the parameters in as an array of words, or a
> wordlist to be broken up inside the proc, but I don't want to spend a
> bunch of time either reinventing the wheel or working to a goal that
> can't be accomplished.
>
> We could build the base query dynamically in the code using standard sql
> and bind the parameters to it that way but since we've moved everything
> else to procs I figured I'd look into this as well.
>
> BTW, this is a project I was brought onto after they found they had a sql
> injection bug in their code that was exploited...
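
The alternative the quoted message mentions (building the base query in code and binding the parameters to it), as an added example that is not part of the original thread. Python's `sqlite3` stands in for MySQL so the block runs offline; the `articles` table, its columns, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3

ALLOWED_COLUMNS = ("title", "body")  # hypothetical schema


def escape_like(term):
    # Make %, _ and \ typed by the user match literally inside a LIKE pattern.
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def build_search(terms, column="body"):
    """Return (sql, params) selecting rows whose column contains every term (AND)."""
    if column not in ALLOWED_COLUMNS:  # identifiers cannot be bound, so allowlist them
        raise ValueError("unsupported column: %r" % column)
    words = [t.strip() for t in terms if t.strip()]
    # One placeholder per term: the SQL text depends only on how many terms there are,
    # never on what the terms contain.
    clauses = ["%s LIKE ? ESCAPE '\\'" % column for _ in words]
    sql = "SELECT id, title FROM articles"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY id"
    return sql, ["%" + escape_like(w) + "%" for w in words]


def search(conn, terms, column="body"):
    sql, params = build_search(terms, column)
    return conn.execute(sql, params).fetchall()


def demo_db():
    # Constructed sample data, not from the original thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO articles (title, body) VALUES (?, ?)",
        [
            ("Backups", "nightly mysql backup with 100% coverage"),
            ("Tuning", "mysql index tuning notes"),
            ("Quote", "it's a test of ' OR '1'='1 handling"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(build_search(["mysql", "backup"]))
    print(search(db, ["mysql", "backup"]))   # both terms must match
    print(search(db, ["' OR '1'='1"]))       # quote characters are matched as data
```

With a MySQL driver such as MySQLdb or PyMySQL the placeholder is `%s` rather than `?`; the construction is otherwise the same.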