Does revDataFromQuery do any sanitizing/proper to prevent me from sneaking extra SQL into your search box like an injection style attack, or does it just plop whatever you give in there no questions asked? Just curious. I have always been spoiled by SQLYoga or rolled my DB interfaces up into API servers of some kind.
On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <d...@applicationinsight.com> wrote:

> Mike, assuming you are searching the db with parameter pSearchTerm, try
> something like this:
>
> put "%" & pSearchTerm & "%" into tSearchTerm
> put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery
> get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm")
>
> -----
> "The difference between genius and stupidity is; genius has its limits." -
> Albert Einstein
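The difference between pasting a search term into the SQL text and passing it as a bound value with the wildcards attached, as in the quoted snippet, can be seen in this added example (not code from the thread). It uses Python's sqlite3 as a stand-in for the LiveCode database library; the function names and table rows are constructed for illustration, and only the table and column names foo and bar come from the quoted query.

```python
import sqlite3

def make_db():
    # Constructed sample rows; foo/bar follow the query quoted in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foo (bar TEXT)")
    db.executemany("INSERT INTO foo VALUES (?)",
                   [("apple",), ("pineapple",), ("50% off",), ("secret",)])
    return db

def search_concat(db, term):
    # Unsafe: the term becomes part of the SQL text, so quotes in it are parsed as SQL.
    sql = "SELECT bar FROM foo WHERE bar LIKE '%" + term + "%'"
    return [r[0] for r in db.execute(sql)]

def search_bound(db, term):
    # The SQL text is fixed; the term (with wildcards added) travels as a bound value.
    return [r[0] for r in db.execute(
        "SELECT bar FROM foo WHERE bar LIKE ?", ("%" + term + "%",))]

def search_bound_literal(db, term):
    # Binding stops injection, but % and _ inside the term still act as LIKE
    # wildcards. Escape them when the term has to match literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return [r[0] for r in db.execute(
        "SELECT bar FROM foo WHERE bar LIKE ? ESCAPE '\\'", ("%" + esc + "%",))]

if __name__ == "__main__":
    db = make_db()
    hostile = "zzz' OR 1=1 --"            # constructed search-box input
    print(search_concat(db, hostile))     # the WHERE clause is rewritten
    print(search_bound(db, hostile))      # treated as an odd search string
    print(search_bound(db, "%"))          # % is still a wildcard
    print(search_bound_literal(db, "%"))  # matches only a literal percent sign
```
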