If you use the placeholder method, there is no need to sanitize the strings; that's the point of using it. Although I guess it depends on what you mean by "sanitize".
On Thu, Jul 30, 2015 at 8:11 AM Bob Sneidar <bobsnei...@iotecdigital.com> wrote:

> Yes it does. If you use the placeholder method (I am not really sure what
> to call it at this point) then sqlYoga sanitizes the strings for you. I've
> inserted records with any number of characters using this method without
> any problems reading in or out of the database.
>
> I'm not sure if a direct query like "address = '\\bobscomputer\scans'" is
> sanitized. For the sake of standardization I always use the placeholder
> method.
>
> Bob S
>
>
> > On Jul 28, 2015, at 09:17 , Andrew Kluthe <and...@ctech.me> wrote:
> >
> > Does revDataFromQuery do any sanitizing/proper to prevent me from sneaking
> > extra SQL into your search box like an injection style attack, or does it
> > just plop whatever you give in there no questions asked? Just curious. I
> > have always been spoiled by SQLYoga or rolled my DB interfaces up into API
> > servers of some kind.
> >
> > On Tue, Jul 28, 2015 at 11:09 AM Dave Kilroy <d...@applicationinsight.com>
> > wrote:
> >
> >> Mike, assuming you are searching the db with parameter pSearchTerm, try
> >> something like this:
> >>
> >>
> >> put "%" & pSearchTerm & "%" into tSearchTerm
> >> put "SELECT * FROM foo WHERE bar LIKE :1" into tQuery
> >> get revDataFromQuery(tab, return, sDBID, tQuery, "tSearchTerm")
> >>
> >>
> >> -----
> >> "The difference between genius and stupidity is; genius has its limits." -
> >> Albert Einstein
> >> --
> >> View this message in context:
> >> http://runtime-revolution.278305.n4.nabble.com/parameterized-query-with-wildcard-tp4694407p4694419.html
> >> Sent from the Revolution - User mailing list archive at Nabble.com.
> >>
> >> _______________________________________________
> >> use-livecode mailing list
> >> use-livecode@lists.runrev.com
> >> Please visit this url to subscribe, unsubscribe and manage your
> >> subscription preferences:
> >> http://lists.runrev.com/mailman/listinfo/use-livecode
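
Added example, not part of the thread and not LiveCode or sqlYoga code: the bound-LIKE pattern discussed above, shown with Python's sqlite3 module, assuming its ? placeholder in place of :1 and a constructed foo table. It goes one step past the thread: % and _ inside a bound term still act as LIKE wildcards, so search_literal (a hypothetical helper) escapes them.

```python
import sqlite3

def make_db():
    # Constructed sample rows; foo/bar are the names used in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foo (bar TEXT)")
    db.executemany("INSERT INTO foo (bar) VALUES (?)",
                   [("O'Brien scans",), (r"\\bobscomputer\scans",),
                    ("100% cotton",), ("1000 cotton",)])
    return db

def search_concat(db, term):
    # "Before": the term is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT bar FROM foo WHERE bar LIKE '%" + term + "%'"
    return [r[0] for r in db.execute(sql)]

def search_bound(db, term):
    # Same shape as the thread's code: the wildcards are added to the
    # value, and the value is bound to the placeholder, never to the SQL.
    return [r[0] for r in db.execute(
        "SELECT bar FROM foo WHERE bar LIKE ?", ("%" + term + "%",))]

def search_literal(db, term):
    # Binding keeps the term out of the SQL grammar, but % and _ in the
    # term are still LIKE wildcards; escape them for a literal match.
    esc = term.replace("!", "!!").replace("%", "!%").replace("_", "!_")
    return [r[0] for r in db.execute(
        "SELECT bar FROM foo WHERE bar LIKE ? ESCAPE '!'",
        ("%" + esc + "%",))]

if __name__ == "__main__":
    db = make_db()
    print(search_bound(db, "O'Brien"))
    print(search_bound(db, "100%"), search_literal(db, "100%"))
```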