You should be able to use something like this (untested):
That way you get the SQL quoting without the surrounding quotes.
___
Ron Bickers
Logic Etc, Inc.
[EMAIL PROTECTED]
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 11:03 AM
> To: [EMAIL PROTECTED]
> Subject: [Zope] MySQL LIKE operator
>
>
> Hello,
>
> I'm writing a search query to a MySQL database. I want to keep
> people from screwing around with my database by running searches like ";
> delete from ... yada yada. So I should use , right? But
> what if I want to use LIKE?
> If I say: WHERE goo LIKE "%%" then
> effectively I am saying: WHERE goo LIKE "%'somestring'%". In other
> words, it will match only the string with the single quotes. I hope
> this makes sense. Has anyone faced a similar problem?
> Thanks for any help
>
> --Aaron
>
>
> ___
> Zope maillist - [EMAIL PROTECTED]
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>
>
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )