You have to test your incoming values, and reject requests that have "%" (and other illegal) chars.
I never allow real deletes from a web form, and especially not from trusted users. Consider adding a "deleted" column, and update the affected rows to indicate they've been deleted. It's a little more work, but it sounds like it'll save you some pain in the long run. -Clark ----- Original Message ---- From: RaghavendraK 70574 <[EMAIL PROTECTED]> To: SQLite <sqlite-users@sqlite.org> Sent: Thursday, August 16, 2007 6:02:32 PM Subject: [sqlite] like operator Hi, we have given a web interface which receive delete request. Now in the req we get "%" and in the delete impl we do this delete from table where itemName like xxx.%; since the key is % the above statement becomes, "delete from table where itemName like %.%";And result in fatal problem of erasing all records. Is there any api to deal with like operator for these conditions, pls help. Hopefully fix will not degrade performance. regrds ragha ****************************************************************************************** This email and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! ***************************************************************************************** ----------------------------------------------------------------------------- To unsubscribe, send email to [EMAIL PROTECTED] ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- To unsubscribe, send email to [EMAIL PROTECTED] -----------------------------------------------------------------------------
