I have a database as
table name: school
field name: location
e.g. in location column data
green school,tagore garden,chink road,jammu
I want to make a search on location such that when the user enters
green
green school, tagore
search words should come continuous
problem
on entering
green school, jammu
record does not show
search query is
select * from school where location like '%a%'
where a is the variable of the text box
Also, please suggest how to protect this text box against SQL injection.
@kkshansid
In ASP VBScript, when you are comparing form variables in SQL statements, use them within quotes as shown below:
sql = "select * from school where location like '%"&a&"%'"
Then execute this statement.
Regards,
"D"
e.g. in location column data
green school,tagore garden,chink road,jammu
I want to make a search on location such that when the user enters
green
green school, tagore
The problem is that it takes the condition that search words should come continuous
problem
on entering
green school, jammu
record does not show
search query is
sql = "select * from school where location like '%"&a&"%'"
where a is the variable of the text box
@kkshansid
It looks like your grasp of ASP is OK, but the SQL needs to be more complicated. Try splitting the entered data by the space character, and enter each term separately into the SQL like this:
asplit = split(a, " ") 'asplit is now an array of the terms in a
sql = "SELECT * FROM school WHERE "
for each x in asplit
    sql = sql + "location LIKE '%" & x & "%' AND "
next
'sql now ends with "AND " and this needs to be removed
sql = left(sql, len(sql)-4) 'removes the last 4 characters from the string
Try this and let me know if it works.
Jared
@kkshansid
In order to protect against SQL injection, you will need to search and replace special characters in your text - the first one that comes to mind is the semi-colon (;) since you need to separate SQL statements with the semicolon. There are a whole bunch of characters it would be good to replace, some people have lists, anyway, the basic replace function looks like this:
searchString = Replace(a, ";", "|")
Jared
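An added example, not part of any post in this thread: the same multi-term location search built with ADODB.Command parameters, so each word from the text box is bound as a value and never becomes part of the SQL text. It assumes an open ADODB.Connection named conn and a database that accepts [ ] escapes in LIKE patterns (SQL Server, Access); SearchSchools and EscapeLike are hypothetical helper names, and splitting on commas as well as spaces goes slightly beyond the split shown above.

```vbscript
' Added example, not code from the thread. Assumes conn is an open
' ADODB.Connection; SearchSchools and EscapeLike are hypothetical names.
Const adCmdText = 1, adParamInput = 1, adVarChar = 200

' Make LIKE wildcards typed by the user match literally.
' Assumes [ ] escaping in LIKE patterns (SQL Server, Access).
Function EscapeLike(ByVal s)
    s = Replace(s, "[", "[[]")
    s = Replace(s, "%", "[%]")
    EscapeLike = Replace(s, "_", "[_]")
End Function

Function SearchSchools(conn, userInput)
    Dim cmd, terms, term, clause, pattern, n
    ' Commas count as separators too, so "green school, jammu"
    ' yields the terms green / school / jammu.
    terms = Split(Replace(userInput, ",", " "), " ")

    ' Pass 1: one "location LIKE ?" per non-empty term. Only fixed
    ' text goes into the SQL string.
    clause = ""
    For Each term In terms
        If Len(Trim(term)) > 0 Then
            If Len(clause) > 0 Then clause = clause & " AND "
            clause = clause & "location LIKE ?"
        End If
    Next
    If Len(clause) = 0 Then
        Set SearchSchools = Nothing   ' empty search box: run no query
        Exit Function
    End If

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT * FROM school WHERE " & clause

    ' Pass 2: bind each term, in the same order, as a parameter value.
    n = 0
    For Each term In terms
        If Len(Trim(term)) > 0 Then
            n = n + 1
            pattern = "%" & EscapeLike(Trim(term)) & "%"
            cmd.Parameters.Append cmd.CreateParameter("t" & n, adVarChar, adParamInput, Len(pattern), pattern)
        End If
    Next
    Set SearchSchools = cmd.Execute   ' returns an ADODB.Recordset
End Function
```

Because the values are bound, a quote or semicolon typed into the box is searched for as ordinary text and needs no character replacement.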