Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Dynamic where clause
Message
De
13/12/2013 16:28:06
Mike Yearwood
Toronto, Ontario, Canada
 
 
À
13/12/2013 11:48:36
Larry Santos
Local Data System
Philippines
Information générale
Forum:
Microsoft SQL Server
Catégorie:
Autre
Titre:
Re: Dynamic where clause
Versions des environnements
SQL Server:
SQL Server 2008 R2
Application:
Web
Divers
Thread ID:
01590152
Message ID:
01590199
Vues:
52
>Hi,
>
>Kindly help me about this scenario.
>
>I have a grid that has inputbox at the bottom of it. The user can input to the inputbox as quick search. I need to improve the quick search. Here is the input of the user:
>
>156 OR NOT BLANK
>
>I want to execute the query like this.
>
>Select * from Product where columnfield LIKE '%156%' OR columnfield IS NOT NULL
>
>I need to know your ideas on how to that in code.
>
>Thanks and in-advance.

Parse your user's input and construct your command like this...

m.lcvalue = '%516%'
sqlexec("select * from product where columnfield LIKE ?m.lcValue OR columnfield IS NOT NULL")

and you will have no SQL injection attacks.
Précédent
Répondre
Fil
Voir

Click here to load this message in the networking platform