Bytes | Software Development & Data Engineering Community

Correct form to quote strings with (intentional) wildcards?

sgr

There's probably a simple answer to this one, but...
I've got a string that I've read in from a web browser, and I want to return a list of matching entries that start with that string.

I want to do something like (Using perl/DBI):

# The wildcard is written into the SQL text next to the placeholder,
# which is what the rest of the post shows does not work.
$sth = $dbh->prepare("SELECT * FROM Entries WHERE name like '?%'");
$sth->execute($name_from_browser);

But that's not going to work, as the placeholder is going to get replaced with a 'Fred', resulting in a statement like:

SELECT * FROM Entries WHERE name like ''Fred'%'

In a nutshell, I want to quote the input string, to protect against SQL injection hacks, but I still want to add a wildcard to the field before the query.

Is there a simple way of doing this? Currently, I'm using $dbh->quote to quote the input string, then manipulating the resulting string to add a '%' wildcard character before the closing apostrophe, but that sure feels wrong, and I keep thinking there's got to be a better way.

Thanks for any answers.
<Steve>

Feb 17 '06 #1
"sgr" <st***@madmaggies.com> wrote in message
news:11**********************@f14g2000cwb.googlegroups.com...
$sth = $dbh->prepare("SELECT * FROM Entries WHERE name like '?%'");
$sth->execute($name_from_browser);


Try this:
# The wildcard is appended to the bound value inside SQL, so the
# placeholder stays a single, fully quoted parameter.
$sth = $dbh->prepare("SELECT * FROM Entries WHERE name LIKE CONCAT(?, '%')");

By the way, it's not precisely true that the ? is replaced by the string
'Fred'. When you prepare a SQL statement that contains parameters, the SQL
is parsed, optimized, and prepared by the RDBMS, and then it is in an
internal form that is not human-readable. Then, when you provide a value
via the execute() function, the RDBMS doesn't need to put quotes around the
value or re-parse the SQL; it puts the value directly into that internal
data structure that represents the prepared query, and executes the query.

Regards,
Bill K.
Feb 17 '06 #2
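The approach in the answer above, worked through as an added example that is not part of the original thread: the wildcard is attached to the bound value rather than to the SQL text, so the browser-supplied string never becomes SQL syntax. It also covers the caveat the thread does not mention: a user-supplied "%" or "_" is itself a LIKE wildcard, so a prefix search should escape those characters before appending its own "%". The example uses an in-memory SQLite database through DBD::SQLite (an assumption; the thread's CONCAT(?, '%') form is MySQL syntax), and the table, rows and inputs are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Escape the LIKE metacharacters in user input so that a browser-supplied
# "%" or "_" matches literally instead of acting as a wildcard. The escape
# character is declared to the database with ESCAPE '!' (chosen because a
# backslash needs extra quoting in MySQL string literals).
sub like_escape {
    my ($s) = @_;
    $s =~ s/([!%_])/!$1/g;
    return $s;
}

# Prefix search: the placeholder stays a plain bound value; the trailing
# wildcard is appended to the *value*, never spliced into the SQL text.
# Portable alternative to LIKE CONCAT(?, '%'), which SQLite lacks.
sub prefix_search {
    my ($dbh, $prefix) = @_;
    my $sth = $dbh->prepare(
        q{SELECT name FROM Entries WHERE name LIKE ? ESCAPE '!' ORDER BY name}
    );
    $sth->execute(like_escape($prefix) . '%');
    return map { $_->[0] } @{ $sth->fetchall_arrayref };
}

# Constructed sample data (assumes DBD::SQLite is installed).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE Entries (name TEXT)');
$dbh->do('INSERT INTO Entries (name) VALUES (?)', undef, $_)
    for ('Fred', 'Frederick', "Fred's", '50% off', 'Wilma');

# Values as they might arrive from a browser: a plain prefix, one containing
# a quote, one containing a wildcard character, and a lone wildcard.
for my $input ('Fred', "Fred'", '50%', '%') {
    my @hits = prefix_search($dbh, $input);
    printf "%-8s -> %s\n", "'$input'", join(', ', @hits) || '(no rows)';
}
# 'Fred'   -> Fred, Fred's, Frederick
# 'Fred''  -> Fred's
# '50%'    -> 50% off
# '%'      -> (no rows)
```

Because the value is bound, the apostrophe in "Fred'" needs no quoting at all, and because "%" is escaped, the input "%" matches nothing rather than every row. DBD::mysql, for its part, emulates placeholders on the client by quoting and interpolating the value unless mysql_server_prepare is enabled; in either mode the bound value is handled as data, not as SQL.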
sgr
Thanks Bill, I guess I should have thought of that.

<Steve>

Feb 18 '06 #3
