Should have read, *proper escaping*. On Tue, Jul 28, 2015 at 11:17 AM Andrew Kluthe <[email protected]> wrote:
> Does revDataFromQuery do any sanitizing/proper to prevent me from sneaking > extra SQL into your search box like an injection style attack, or does it > just plop whatever you give in there no questions asked? Just curious. I > have always been spoiled by SQLYoga or rolled my DB interfaces up into API > servers of some kind. > > On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <[email protected]> > wrote: > >> Mike, assuming you are searching the db with parameter pSearchTerm, try >> something like this: >> >> >> put "%" & pSearchTerm & "%" into tSearchTerm >> put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery >> get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm") >> >> >> >> >> >> >> ----- >> "The difference between genius and stupidity is; genius has its limits." >> - Albert Einstein >> -- >> View this message in context: >> http://runtime-revolution.278305.n4.nabble.com/parameterized-query-with-wildcard-tp4694407p4694419.html >> Sent from the Revolution - User mailing list archive at Nabble.com. >> >> _______________________________________________ >> use-livecode mailing list >> [email protected] >> Please visit this url to subscribe, unsubscribe and manage your >> subscription preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode >> > _______________________________________________ use-livecode mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
