How dynamically create WHERE statement...

I have an advanced search box. The user can type in multiple words in the
box. Those words are then used in the WHERE clause against a Description db
field.

So these words: plumber carpenter electrician

Would essentially equate to: "WHERE (Description LIKE '%plumber%') OR
(Description LIKE '%carpenter%') OR (Description LIKE '%electrician%')"

Is there any easy way to dynamically create this WHERE clause? I know how
to do it manually by code, but I didn't know if I had to manually parse the
tokens and construct the clause or if there was an easier way...

(I'm using MySQL.)

Thanks.
Nov 7 '08
Or should I just use a FilterExpression against my objectdatasource?

"Bobby Edward" <bo***@nobody.com> wrote in message
news:%2******************@TK2MSFTNGP03.phx.gbl...
> "Mark Rae [MVP]" <ma**@markNOSPAMrae.net> wrote in message
> news:us**************@TK2MSFTNGP03.phx.gbl...
>> UNDER NO CIRCUMSTANCES do this!!! Your solution is absolutely wide open
>> to SQL Injection:
>> http://www.google.co.uk/search?sourc...L+Injection%22
>>
>> Instead, allow users to select the occupation(s) they're interested in
>> e.g. by ticking checkboxes or some other technique - basically, anything
>> to avoid dynamic SQL...
>
> I appreciate that very much Mark. But, what if I want the user to search
> for ANY kind of word? It may not be something that I can list.
>
> Can't I just clean up the string, such as by IGNORING the following
> words/special characters when I create the WHERE:
> DELETE
> REMOVE
> DROP
> SELECT
> UPDATE
> INSERT
> WHERE
> *
> %
> ;
> .
> etc....


Nov 7 '08 #11
A sincere piece of advice: never use concatenation of strings. Always use a
parameterized query. It takes fewer lines of code and gives peace of mind from a
security viewpoint.
I think MySQL can also be used with parameterized queries, but the syntax would
be different.
--
Vinay Khaitan
[Windows Forms Layout Control]
http://www.smart-components.com/
----------------------------------------------------------------

Nov 7 '08 #12
I searched for how to use a parameterised query with MySQL for you.

http://forums.asp.net/t/470457.aspx

--
Vinay Khaitan
[Windows Forms Layout Control]
http://www.smart-components.com/
----------------------------------------------------------------

Nov 7 '08 #13
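
The multi-word search from the original question, built with bound parameters as the replies advise. This is an added example, not code from the thread or any poster. It uses Python with an in-memory SQLite table as a stand-in for the poster's MySQL database; the `jobs` table, the sample rows, the function names and the term cap are assumptions, and placeholder syntax differs by driver.

```python
import sqlite3

MAX_TERMS = 10  # assumed cap so one request cannot generate an unbounded query


def escape_like(term):
    """Make LIKE wildcards typed by the user match literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def build_search(text):
    """Return (sql, params) for an OR-of-LIKEs search on Description."""
    terms = text.split()[:MAX_TERMS]
    if not terms:
        return "SELECT id FROM jobs WHERE 0", []
    # User input only decides HOW MANY placeholders appear; the words
    # themselves travel separately as bound values and are never parsed as SQL.
    # SQLite needs ESCAPE spelled out; MySQL already defaults to backslash.
    like = "(Description LIKE ? ESCAPE '\\')"
    where = " OR ".join([like] * len(terms))
    params = ["%" + escape_like(t) + "%" for t in terms]
    return "SELECT id FROM jobs WHERE " + where + " ORDER BY id", params


def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, Description TEXT)")
    db.executemany("INSERT INTO jobs VALUES (?, ?)", [
        (1, "licensed plumber"),
        (2, "carpenter and joiner"),
        (3, "master electrician"),
        (4, "accountant, 100% remote"),
        (5, "O'Brien roofing"),
    ])
    return db


def search(db, text):
    sql, params = build_search(text)
    return [row[0] for row in db.execute(sql, params)]


if __name__ == "__main__":
    db = make_db()
    for q in ("plumber carpenter electrician", "O'Brien", "100%", "'OR'1'='1"):
        print(repr(q), "->", search(db, q))
```

No keyword or character blacklist is needed: quotes, `%` and SQL keywords in the search box are matched as literal text in Description.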
