Should have read, *proper escaping*.

On Tue, Jul 28, 2015 at 11:17 AM Andrew Kluthe <and...@ctech.me> wrote:

> Does revDataFromQuery do any sanitizing/proper to prevent me from sneaking
> extra SQL into your search box like an injection style attack, or does it
> just plop whatever you give in there no questions asked? Just curious. I
> have always been spoiled by SQLYoga or rolled my DB interfaces up into API
> servers of some kind.
>
> On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <d...@applicationinsight.com>
> wrote:
>
>> Mike, assuming you are searching the db with parameter pSearchTerm, try
>> something like this:
>>
>>     put "%" & pSearchTerm & "%" into tSearchTerm
>>     put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery
>>     get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm")
>>
>> -----
>> "The difference between genius and stupidity is; genius has its limits."
>> - Albert Einstein
>> --
>> View this message in context:
>> http://runtime-revolution.278305.n4.nabble.com/parameterized-query-with-wildcard-tp4694407p4694419.html
>> Sent from the Revolution - User mailing list archive at Nabble.com.

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
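The pattern in Dave's snippet keeps the wildcards in the bound value rather than in the SQL text, which is what stops the search term from changing the query. The following is an added example, not from the thread and not LiveCode, that reproduces the same shape in Python with sqlite3 (a `?` placeholder standing in for revDataFromQuery's `:1`) on a constructed in-memory table, and also shows the one thing binding does not cover: a user-typed `%` or `_` is still a LIKE wildcard unless it is escaped.

```python
import sqlite3

# Constructed sample data for the example; not from the mailing list.
SAMPLE_ROWS = [("apple pie",), ("banana split",), ("50% off",), ("a_b",)]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, bar TEXT)")
    con.executemany("INSERT INTO foo (bar) VALUES (?)", SAMPLE_ROWS)
    con.commit()
    return con


def escape_like(term, esc="\\"):
    """Neutralise LIKE metacharacters so the user's text matches literally.

    The escape character itself is doubled first so it cannot be used to
    un-escape a following % or _.
    """
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search(con, search_term, escape_wildcards=True):
    """Return the bar values containing search_term.

    Mirrors the thread's tSearchTerm / tQuery pair: the surrounding "%"
    wildcards are concatenated onto the VALUE, the SQL text is a fixed
    string, and the value is passed to the driver for binding. Anything the
    user types, including quotes or SQL keywords, arrives as plain data.
    """
    term = escape_like(search_term) if escape_wildcards else search_term
    pattern = "%" + term + "%"
    sql = "SELECT bar FROM foo WHERE bar LIKE ? ESCAPE '\\' ORDER BY id"
    rows = con.execute(sql, (pattern,)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    print(search(db, "apple"))                          # ['apple pie']
    print(search(db, "' OR 1=1 --"))                    # [] : treated as text
    print(search(db, "%"))                              # ['50% off'] : literal %
    print(search(db, "%", escape_wildcards=False))      # every row : wildcard leaks
```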