Dave, sorry, I thought I mentioned trying that. It does not work.

Andrew, yes, if you use a parameterized query, you do not have to escape/sanitize your parameters. If you append them to build a query, you do.
On Tue, Jul 28, 2015 at 12:18 PM, Andrew Kluthe <and...@ctech.me> wrote:
> Should have read, *proper escaping*.
>
> On Tue, Jul 28, 2015 at 11:17 AM Andrew Kluthe <and...@ctech.me> wrote:
>
> > Does revDataFromQuery do any sanitizing/proper to prevent me from sneaking
> > extra SQL into your search box like an injection style attack, or does it
> > just plop whatever you give in there no questions asked? Just curious. I
> > have always been spoiled by SQLYoga or rolled my DB interfaces up into API
> > servers of some kind.
> >
> > On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <d...@applicationinsight.com> wrote:
> >
> >> Mike, assuming you are searching the db with parameter pSearchTerm, try
> >> something like this:
> >>
> >> put "%" & pSearchTerm & "%" into tSearchTerm
> >> put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery
> >> get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm")
> >>
> >> -----
> >> "The difference between genius and stupidity is; genius has its limits."
> >> - Albert Einstein
> >>
> >> _______________________________________________
> >> use-livecode mailing list
> >> use-livecode@lists.runrev.com
> >> Please visit this url to subscribe, unsubscribe and manage your
> >> subscription preferences:
> >> http://lists.runrev.com/mailman/listinfo/use-livecode

--
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours, and did a little diving.
And God said, "This is good."
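As an added example, not from this thread or from LiveCode, here is Dave's pattern (bind "%term%" as a single placeholder value) written against Python's sqlite3 with a constructed `foo`/`bar` table: the concatenated "before", the parameterized form where a quote in the term cannot alter the statement, and the one thing binding does not cover, LIKE's own `%` and `_` metacharacters, handled with an `ESCAPE` clause. `_open_db`, `_raises` and `run_demo` are helpers invented for this example.

```python
import sqlite3
LIKE_ESCAPE = "\\"  # single backslash, handed to SQLite's ESCAPE clause

def _open_db():
    # Constructed sample table; names mirror Dave's "foo" / "bar".
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, bar TEXT)")
    con.executemany("INSERT INTO foo (bar) VALUES (?)",
                    [("apple",), ("pineapple",), ("100% juice",), ("grape",)])
    return con

def search_concat(con, term):
    # The "append to build a query" pattern: the term becomes SQL text, so a
    # stray quote breaks the statement and escaping is the caller's job.
    sql = "SELECT bar FROM foo WHERE bar LIKE '%" + term + "%' ORDER BY id"
    return [row[0] for row in con.execute(sql)]

def search_param(con, term):
    # Parameterized: "%term%" is one bound value, never parsed as SQL.
    return [row[0] for row in con.execute(
        "SELECT bar FROM foo WHERE bar LIKE ? ORDER BY id", ("%" + term + "%",))]

def search_param_literal(con, term):
    # Binding stops SQL injection but not LIKE's own metacharacters (% and _);
    # escape them when the user means them literally.
    esc = (term.replace(LIKE_ESCAPE, LIKE_ESCAPE * 2)
               .replace("%", LIKE_ESCAPE + "%")
               .replace("_", LIKE_ESCAPE + "_"))
    return [row[0] for row in con.execute(
        "SELECT bar FROM foo WHERE bar LIKE ? ESCAPE ? ORDER BY id",
        ("%" + esc + "%", LIKE_ESCAPE))]

def _raises(fn):
    try:
        fn()
    except sqlite3.OperationalError:
        return True
    return False

def run_demo():
    con = _open_db()
    results = {
        "param_apple": search_param(con, "apple"),          # both apples
        "param_quote": search_param(con, "O'Brien"),        # no match, no error
        "param_percent": search_param(con, "%"),            # % is still a wildcard
        "literal_percent": search_param_literal(con, "%"),  # only "100% juice"
        "concat_quote_raises": _raises(lambda: search_concat(con, "O'Brien")),
    }
    return results
```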