Ben- didn't see your solution?
Martin

> From: b...@wisper-wireless.com
> To: mysql@lists.mysql.com
> Subject: RE: Search based where claused and stored proc
> Date: Fri, 27 Mar 2009 13:43:51 -0500
>
> Ben Wiechman
> Network Administrator
> Wisper High Speed Internet
> Office: 866.394.7737
> Direct: 320.256.0184
> Cell: 320.247.3224
> b...@wisper-wireless.com
>
> > -----Original Message-----
> > From: Gary Smith [mailto:g...@primeexalia.com]
> > Sent: Friday, March 27, 2009 12:59 PM
> > To: mysql@lists.mysql.com
> > Subject: [MySQL] Search based where claused and stored proc
> >
> > I'm working on a small project of re-implementing all of the sql for a
> > web site. The task is pretty trivial but overall there are some minor
> > things that I'm trying to code through.
> >
> > We've moved much of the logic over to stored procs and call them with
> > parameterized queries. This works well since there isn't much inject
> > attack possibility on these. Now I have one query left, which allows
> > for an arbitrary number of search parameters, all using AND.
> >
> > Has anyone accomplished converting something like this to a stored proc
> > in mysql?
> >
> > Logically I could pass the parameters in as an array of words, or a
> > wordlist to be broken up inside the proc, but I don't want to spend a
> > bunch of time either reinventing the wheel or working to a goal that
> > can't be accomplished.
> >
> > We could build the base query dynamically in the code using standard sql
> > and bind the parameters to it that way but since we've moved everything
> > else to procs I figured I'd look into this as well.
> >
> > BTW, this is a project I was brought onto after they found they had a sql
> > injection bug in their code that was exploited...
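
The alternative raised in the quoted question, building the base query in application code and binding every search term, shown as an added example that is not part of the thread. It uses Python's `sqlite3` as a stand-in for MySQL so it runs offline; the `articles` table, `body` column and function names are assumptions, and MySQL connectors typically use `%s` placeholders rather than `?`.

```python
import sqlite3

def build_search(words, column="body", table="articles"):
    """Return (sql, params) matching rows that contain every word (AND)."""
    # column/table come from the application's own code, never from user input.
    clauses, params = [], []
    for w in words:
        w = w.strip()
        if not w:
            continue
        # Escape LIKE wildcards so '%' and '_' in a term match literally.
        esc = w.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
        # ESCAPE '\' is written in SQLite syntax here (assumption of this demo).
        clauses.append(f"{column} LIKE ? ESCAPE '\\'")
        params.append(f"%{esc}%")
    # Only placeholders are concatenated; with no terms, match nothing.
    where = " AND ".join(clauses) or "1=0"
    return f"SELECT id FROM {table} WHERE {where} ORDER BY id", params

def search(conn, words):
    sql, params = build_search(words)
    return [row[0] for row in conn.execute(sql, params)]

def demo_db():
    # Constructed sample data for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO articles (body) VALUES (?)", [
        ("stored procedures in mysql",),
        ("mysql search with bound parameters",),
        ("100% coverage of search terms",),
        ("1000 rows returned",),
    ])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(search(conn, ["mysql", "search"]))   # both words required
    print(search(conn, ["x' OR '1'='1"]))      # quote-laden term is just data
    print(search(conn, ["100%"]))              # '%' matched literally
```

The SQL text varies only in the number of `LIKE ?` clauses, so user-supplied words never reach the statement itself.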