Hi,

Select * from table where column LIKE CONCAT(#value#, '%')

Christian

-----Original Message-----
From: Abhishek Pratap Singh08 [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 10:01 AM
To: [email protected]
Subject: Regarding SQL injection chaniging SELECT QUERY

Hi Again,

Suppose I have a query

Select * from table where column LIKE '$value$%'

Can be changed to

select * from table where column LIKE #value# || '%'

but this works on ORACLE.... what is the work around for MySQL?

Regards,
Abhishek

-----Original Message-----
From: Larry Meadors [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 6:18 PM
To: [email protected]
Subject: Re: Regarding SQL injection

Chapter 1

Don't use the replacement ($property$) syntax unless you scrub the input.

The end.

:-)

Larry

On Tue, Mar 4, 2008 at 3:05 AM, Abhishek Pratap Singh08 <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I need the guidelines of handling sql injection in iBatis. Any pdf or link will be very helpful.
>
> Regards,
> Abhishek
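The difference between the `$value$` and `#value#` forms discussed in this thread, as an added example that is not part of the original messages: text substitution lets the input rewrite the WHERE clause, while a bound parameter stays a LIKE pattern. It goes one step beyond the thread by also escaping `%` and `_`, which remain wildcards even when bound. Assumptions: Python's sqlite3 stands in for iBATIS and MySQL, the `users` table and all function names are hypothetical, and `||` is used where MySQL would need `CONCAT(...)`.

```python
import sqlite3

def make_db():
    # Constructed sample data, in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("alice",), ("alfred",), ("bob",), ("100%_real",)])
    return db

def find_substituted(db, value):
    # Behaves like LIKE '$value$%': the input is pasted into the SQL text.
    sql = "SELECT name FROM users WHERE name LIKE '" + value + "%'"
    return sorted(row[0] for row in db.execute(sql))

def find_bound(db, value):
    # Behaves like LIKE #value# || '%': the input is sent as a bind parameter.
    sql = "SELECT name FROM users WHERE name LIKE (? || '%')"
    return sorted(row[0] for row in db.execute(sql, (value,)))

def escape_like(value, esc="!"):
    # Escape the escape character first, then the two LIKE wildcards.
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))

def find_bound_literal(db, value):
    # Bound parameter plus wildcard escaping: input is matched as a literal prefix.
    sql = "SELECT name FROM users WHERE name LIKE (? || '%') ESCAPE '!'"
    return sorted(row[0] for row in db.execute(sql, (escape_like(value),)))

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR 1=1 --"  # constructed test input
    print("substituted:", find_substituted(db, crafted))
    print("bound:      ", find_bound(db, crafted))
    print("bound '%':  ", find_bound(db, "%"))
    print("literal '%':", find_bound_literal(db, "%"))
```

The escape character is `!` rather than a backslash so the same `ESCAPE '!'` clause can be used on MySQL, where a backslash inside a string literal has its own meaning.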
