Dave, I take that back - I must have had a typo the first time I tried it. Appending the wildcards to the search parameter does work.
On Tue, Jul 28, 2015 at 12:28 PM, Mike Kerner <mikeker...@roadrunner.com> wrote:

> Dave, sorry, I thought I mentioned trying that. It does not work.
>
> Andrew, yes, if you use a parameterized query, you do not have to
> escape/sanitize your parameters. If you append them to build a query, you
> do.
>
> On Tue, Jul 28, 2015 at 12:18 PM, Andrew Kluthe <and...@ctech.me> wrote:
>
>> Should have read, *proper escaping*.
>>
>> On Tue, Jul 28, 2015 at 11:17 AM Andrew Kluthe <and...@ctech.me> wrote:
>>
>> > Does revDataFromQuery do any sanitizing/proper to prevent me from sneaking
>> > extra SQL into your search box like an injection style attack, or does it
>> > just plop whatever you give in there no questions asked? Just curious. I
>> > have always been spoiled by SQLYoga or rolled my DB interfaces up into API
>> > servers of some kind.
>> >
>> > On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <d...@applicationinsight.com> wrote:
>> >
>> >> Mike, assuming you are searching the db with parameter pSearchTerm, try
>> >> something like this:
>> >>
>> >> put "%" & pSearchTerm & "%" into tSearchTerm
>> >> put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery
>> >> get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm")
>> >>
>> >> -----
>> >> "The difference between genius and stupidity is; genius has its limits."
>> >> - Albert Einstein
>> >> --
>> >> View this message in context:
>> >> http://runtime-revolution.278305.n4.nabble.com/parameterized-query-with-wildcard-tp4694407p4694419.html
>> >> Sent from the Revolution - User mailing list archive at Nabble.com.
--
On the first day, God created the heavens and the Earth
On the second day, God created the oceans.
On the third day, God put the animals on hold for a few hours,
   and did a little diving.
And God said, "This is good."
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
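Added example, not part of the thread and not LiveCode: the same two approaches the thread contrasts (appending the search term to the SQL text versus binding it to a placeholder with the wildcards added to the value), shown in Python with the standard sqlite3 module. The table foo and column bar are the names from Dave's snippet; the rows, the function names and the sample inputs are constructed for illustration, and the last function goes one step beyond the thread by escaping % and _ so a bound term matches literally.

```python
import sqlite3

ESC = "\\"  # escape character declared in the LIKE ... ESCAPE clause below


def make_db():
    # Constructed sample rows; table foo and column bar are the names used in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foo (bar TEXT)")
    db.executemany("INSERT INTO foo VALUES (?)",
                   [("apple",), ("pineapple",), ("100% juice",), ("grape",)])
    return db


def search_concat(db, term):
    # Unsafe form: the search term is spliced into the SQL text itself.
    sql = "SELECT bar FROM foo WHERE bar LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]


def search_param(db, term):
    # Form from the thread: wildcards are appended to the value, and the
    # value is bound to a placeholder, so it can never change the statement.
    sql = "SELECT bar FROM foo WHERE bar LIKE ? ORDER BY rowid"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]


def escape_like(term):
    # Binding stops injection, but % and _ inside the term are still LIKE
    # wildcards. Escape them when the term must match literally.
    for ch in (ESC, "%", "_"):
        term = term.replace(ch, ESC + ch)
    return term


def search_literal(db, term):
    sql = "SELECT bar FROM foo WHERE bar LIKE ? ESCAPE '\\' ORDER BY rowid"
    return [row[0] for row in db.execute(sql, ("%" + escape_like(term) + "%",))]


if __name__ == "__main__":
    db = make_db()
    hostile = "' OR 1=1 --"  # constructed input
    print(search_concat(db, hostile))   # every row comes back
    print(search_param(db, hostile))    # no rows: the input is only data
    print(search_param(db, "%"))        # every row: % is still a wildcard
    print(search_literal(db, "%"))      # only the row containing a literal %
```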