Mike Yearwood
Toronto, Ontario, Canada
General information
Forum: Microsoft SQL Server
Environment versions
SQL Server: SQL Server 2008 R2
>Hi,
>
>Kindly help me with this scenario.
>
>I have a grid that has an input box at the bottom of it. The user can type into the input box as a quick search. I need to improve the quick search. Here is the input of the user:
>
>156 OR NOT BLANK
>
>I want to execute the query like this.
>
>Select * from Product where columnfield LIKE '%156%' OR columnfield IS NOT NULL
>
>I need to know your ideas on how to do that in code.
>
>Thanks in advance.
Parse your user's input and construct your command like this...
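* m.lnHandle: connection handle from SQLCONNECT()/SQLSTRINGCONNECT() (assumed name, not in the original post)
m.lcValue = '%516%'
SQLEXEC(m.lnHandle, "select * from product where columnfield LIKE ?m.lcValue OR columnfield IS NOT NULL")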
and you will have no SQL injection attacks.
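An added example, not part of the original post: the parse-then-parameterize step from the reply above, sketched in Python with sqlite3 standing in for SQL Server so it runs offline. It goes one step beyond the post by escaping LIKE wildcards in the user's text. The quick-search grammar (terms joined by OR/AND, keywords BLANK and NOT BLANK), the function names and the sample rows are assumptions.

```python
import re
import sqlite3

def build_where(user_input, column="columnfield"):
    """Return (where_sql, params). `column` is fixed by code, never user-supplied."""
    # Assumed grammar: terms separated by OR / AND (captured at odd positions).
    tokens = re.split(r"\s+(OR|AND)\s+", user_input.strip(), flags=re.I)
    clauses, params = [], []
    for i, tok in enumerate(tokens):
        if i % 2:                      # connective: one of two fixed keywords
            clauses.append(tok.upper())
            continue
        term = tok.strip()
        if term.upper() == "NOT BLANK":
            clauses.append(f"{column} IS NOT NULL")
        elif term.upper() == "BLANK":
            clauses.append(f"{column} IS NULL")
        elif term:
            # Escape LIKE wildcards so the user's text matches literally;
            # the value itself travels only as a bound parameter.
            literal = re.sub(r"([\\%_\[])", r"\\\1", term)
            clauses.append(f"{column} LIKE ? ESCAPE '\\'")
            params.append(f"%{literal}%")
        else:
            raise ValueError("empty search term")
    return " ".join(clauses), params

def search(conn, user_input):
    """Run the quick search and return matching product ids."""
    where, params = build_where(user_input)
    sql = f"SELECT id FROM product WHERE {where} ORDER BY id"
    return [row[0] for row in conn.execute(sql, params)]

def demo_db():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, columnfield TEXT)")
    conn.executemany("INSERT INTO product VALUES (?, ?)",
                     [(1, "A156B"), (2, None), (3, "50%_off"), (4, "it's new")])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(build_where("156 OR NOT BLANK"))
    print(search(db, "156 OR NOT BLANK"))
    print(search(db, "x'; DROP TABLE product; --"))
```

Only the fixed keywords and the code-supplied column name ever reach the SQL text; everything else the user types ends up in `params`.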