Dynamic where clause
Message
From: Mike Yearwood, Toronto, Ontario, Canada (13/12/2013 16:28:06)
To: Larry Santos, Local Data System, Philippines (13/12/2013 11:48:36)
General information
Forum: Microsoft SQL Server
Category: Other
Environment versions
SQL Server: SQL Server 2008 R2
Application: Web
Miscellaneous
Thread ID: 01590152
Message ID: 01590199
Views: 51
>Hi,
>
>Kindly help me about this scenario.
>
>I have a grid that has an input box at the bottom of it. The user can type into the input box as a quick search. I need to improve the quick search. Here is the input of the user:
>
>156 OR NOT BLANK
>
>I want to execute the query like this.
>
>Select * from Product where columnfield LIKE '%156%' OR columnfield IS NOT NULL
>
>I need to know your ideas on how to do that in code.
>
>Thanks in advance.

Parse your user's input and construct your command like this...

* m.lnHandle is assumed to be an open connection handle, e.g. from SQLCONNECT()
m.lcValue = '%516%'
SQLEXEC(m.lnHandle, "select * from product where columnfield LIKE ?m.lcValue OR columnfield IS NOT NULL")

and you will have no SQL injection attacks.
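The parsing step the reply describes, as an added example that is not part of the original thread: it turns quick-search text such as `156 OR NOT BLANK` into a WHERE clause in which keywords become fixed SQL and everything the user typed becomes a bound parameter. It uses Python with an in-memory SQLite table in place of Visual FoxPro's SQLEXEC and SQL Server so it runs offline; the `BLANK` keyword, `AND` support, the column allow-list, the function names and the sample rows are assumptions.

```python
import re
import sqlite3

ALLOWED_COLUMNS = {"columnfield"}   # identifiers cannot be bound, so allow-list them
_SPLIT = re.compile(r"\s+(OR|AND)\s+", re.IGNORECASE)

def build_where(user_input, column):
    """Return (where_sql, params) for quick-search text like '156 OR NOT BLANK'."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unknown column")
    parts = _SPLIT.split(user_input.strip())   # [term, op, term, op, term, ...]
    sql, params = [], []
    for i, part in enumerate(parts):
        if i % 2:                              # odd slots hold the captured operator
            sql.append(part.upper())
            continue
        term = part.strip()
        if not term:
            raise ValueError("empty search term")
        keyword = " ".join(term.upper().split())
        if keyword == "NOT BLANK":
            sql.append(f"{column} IS NOT NULL")
        elif keyword == "BLANK":
            sql.append(f"{column} IS NULL")
        else:                                  # user text travels only as a bound value
            sql.append(f"{column} LIKE ?")
            params.append(f"%{term}%")
    return " ".join(sql), params

def search(conn, user_input):
    where, params = build_where(user_input, "columnfield")
    query = f"SELECT id FROM product WHERE {where} ORDER BY id"
    return conn.execute(query, params).fetchall()

def demo():
    """Constructed sample table: one match for 156, one NULL, one unrelated row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER, columnfield TEXT)")
    conn.executemany("INSERT INTO product VALUES (?, ?)",
                     [(1, "A156B"), (2, None), (3, "xyz")])
    return conn
```

Characters such as `%` and `_` typed by the user still act as LIKE wildcards here; add an ESCAPE clause if they must match literally.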