Hi,

I need a little help on my SQL syntax.

I want to store forbidden inputs from the GUI in a table and query it on
input from the user;

simple layout:

CREATE TABLE `forbidden_input` (`lfdnr` TINYINT (3) UNSIGNED DEFAULT '0'
AUTO_INCREMENT, `input` VARCHAR (255) NOT NULL, PRIMARY KEY(`lfdnr`),
UNIQUE(`input`));

Content is something like this:
1,'+'
2,'^'
3,'>'
4,'<'
5,'('
6,')'
7,'~'
8,'&'
9,'%'


The query shall be something like (where 'Hello Wor&ld' will later be
substituted with the user's input by PHP):

SELECT `input` FROM lok_forbidden_input WHERE 'Hello Wor&ld' like '%\&%';

I get a strange behavior here, which I can't explain myself: I get either no
results or all results.



Worse: I originally wanted to compare the table content against the user's
input.
So the query should rather look like this:

SELECT `input` FROM lok_forbidden_input WHERE 'Ha%llo Welt' like
'%\'+`input`+'%';

But here I get a problem with the backslash, which should mask out something
like '%' in the table's row number 9.


Where am I wrong here?

Thanks for any help
Maik
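
Added example, not part of the original post: in MySQL `+` is arithmetic and strings are joined with CONCAT(), and a WHERE clause that references no column evaluates the same for every row, so it returns all rows or none. The sketch below compares each stored value against the input; the table follows the post's CREATE TABLE (without the DEFAULT on the auto-increment column), and `@user_input` and the statement name `find_forbidden` are assumed names with a constructed sample value.

```sql
-- Added example (constructed data); table and column names follow the post.
CREATE TABLE forbidden_input (
  lfdnr TINYINT UNSIGNED NOT NULL AUTO_INCREMENT,
  input VARCHAR(255) NOT NULL,
  PRIMARY KEY (lfdnr),
  UNIQUE (input)
);

INSERT INTO forbidden_input (input) VALUES
  ('+'), ('^'), ('>'), ('<'), ('('), (')'), ('~'), ('&'), ('%');

-- Constructed sample value standing in for the user's input (assumed name).
SET @user_input = 'Ha%llo Wor&ld';

-- Variant 1: plain substring search. LOCATE() treats the stored value
-- literally, so '%' and '_' in the table need no escaping at all.
SELECT input
FROM forbidden_input
WHERE LOCATE(input, @user_input) > 0;

-- Variant 2: LIKE with the pattern built per row by CONCAT().
-- The stored value is escaped first so that '%' and '_' from the table
-- match themselves instead of acting as wildcards. An explicit ESCAPE
-- character ('|') avoids depending on backslash handling in string literals.
SELECT input
FROM forbidden_input
WHERE @user_input LIKE CONCAT(
        '%',
        REPLACE(REPLACE(REPLACE(input, '|', '||'), '%', '|%'), '_', '|_'),
        '%'
      ) ESCAPE '|';

-- Passing the user's input as a bound parameter instead of substituting it
-- into the SQL text keeps quotes in the input from changing the statement.
PREPARE find_forbidden FROM
  'SELECT input FROM forbidden_input WHERE LOCATE(input, ?) > 0';
EXECUTE find_forbidden USING @user_input;
DEALLOCATE PREPARE find_forbidden;
```

From PHP, the same applies: send the statement with a `?` placeholder and bind the user's input, rather than pasting it between quotes.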




-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql