Mike Yearwood
Toronto, Ontario, Canada
General information
Forum: Microsoft SQL Server
Environment versions
SQL Server: SQL Server 2008 R2
>Hi,
>
>Kindly help me with this scenario.
>
>I have a grid that has an inputbox at the bottom of it. The user can type into the inputbox as a quick search. I need to improve the quick search. Here is the input of the user:
>
>156 OR NOT BLANK
>
>I want to execute the query like this.
>
>Select * from Product where columnfield LIKE '%156%' OR columnfield IS NOT NULL
>
>I need to know your ideas on how to do that in code.
>
>Thanks in advance.
Parse your user's input and construct your command like this...
m.lcvalue = '%516%'
sqlexec("select * from product where columnfield LIKE ?m.lcValue OR columnfield IS NOT NULL")
and you will have no SQL injection attacks.
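The parse-then-parameterize approach from the reply above, as an added example that is not part of the original post. It is written in Python with `sqlite3` standing in for the `sqlexec` call to SQL Server, and it goes beyond the single case in the thread by also handling `BLANK`, `AND`, and literal wildcard characters. The grammar and the names `build_where`, `escape_like` and `demo` are assumptions made for the example.

```python
import re
import sqlite3

# Assumed grammar: terms joined by OR/AND; a term is BLANK, NOT BLANK, or text.
CONNECTOR = re.compile(r"\s+(OR|AND)\s+", re.IGNORECASE)


def escape_like(text):
    """Escape LIKE wildcards (%, _, and SQL Server's [) so text matches literally."""
    return re.sub(r"([\\%_\[])", r"\\\1", text)


def build_where(user_input, column="columnfield"):
    """Return (where_sql, params); `column` is set by code, never by the user."""
    sql, params = [], []
    for i, part in enumerate(CONNECTOR.split(user_input.strip())):
        if i % 2 == 1:  # odd slots hold the captured connector
            sql.append(part.upper())
            continue
        keyword = " ".join(part.upper().split())
        if not keyword:
            raise ValueError("empty search term")
        if keyword == "NOT BLANK":
            sql.append(f"{column} IS NOT NULL")
        elif keyword == "BLANK":
            sql.append(f"{column} IS NULL")
        else:  # free text travels only as a bound parameter
            sql.append(f"{column} LIKE ? ESCAPE '\\'")
            params.append(f"%{escape_like(part.strip())}%")
    return " ".join(sql), params


def demo():
    """Run sample inputs against a constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Product (id INTEGER, columnfield TEXT)")
    db.executemany("INSERT INTO Product VALUES (?, ?)",
                   [(1, "A156B"), (2, "xyz"), (3, None), (4, "100%")])
    results = {}
    for text in ["156 OR NOT BLANK", "156", "BLANK", "%", "x' OR '1'='1"]:
        where, params = build_where(text)
        rows = db.execute(f"SELECT id FROM Product WHERE {where} ORDER BY id", params)
        results[text] = [row[0] for row in rows]
    return results


if __name__ == "__main__":
    print(demo())
```

Only the fixed keywords and the column name chosen by the code ever reach the SQL text; everything the user typed as a search value is bound as a parameter, so a quote character in the input is matched as data.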