This should work:

select * from table where column LIKE #value# || '%'

Larry

On Wed, Feb 20, 2008 at 9:40 PM, Zoran Avtarovski <[EMAIL PROTECTED]> wrote:
> We have a web application with an ajax autocomplete text box. The problem is
> that currently the query statement for the ajax query is :
>
> Select * from table where column LIKE '$value$%'
>
> Which is susceptible to sql injection attacks.
>
> One solution is to have a separate connection pool with read-only
> privileges, but this seems blunt and doesn't prevent malicious access to
> sensitive data.
>
> Is there a better way of doing this?
>
> Z.
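
The difference between the two statements in this thread, as an added example that is not part of the original messages and is not iBATIS code: Python's sqlite3 stands in for the mapped statement, with string concatenation playing the role of '$value$%' and a bound parameter playing the role of #value# || '%'. The table, column names, sample rows and inputs are constructed, and the escape_like helper goes beyond the thread to cover LIKE wildcards typed by the user, which binding alone does not neutralize.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the autocomplete source table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT, secret INTEGER)")
    db.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [("apple", 0), ("apricot", 0), ("banana", 0),
         ("50%_off", 0), ("admin-note", 1)],
    )
    return db

def search_substituted(db, value):
    # Analogue of '$value$%': the input becomes part of the SQL text,
    # so a quote in the input ends the literal and rewrites the query.
    sql = ("SELECT name FROM items WHERE secret = 0 "
           "AND name LIKE '" + value + "%'")
    return [row[0] for row in db.execute(sql)]

def search_bound(db, value):
    # Analogue of #value# || '%': the input is a bound parameter and the
    # database appends the wildcard, so the input is only ever data.
    sql = "SELECT name FROM items WHERE secret = 0 AND name LIKE ? || '%'"
    return [row[0] for row in db.execute(sql, (value,))]

def escape_like(value, esc="\\"):
    # Hypothetical helper: make %, _ and the escape character literal.
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))

def search_bound_escaped(db, value):
    # Bound parameter plus an ESCAPE clause: input wildcards match literally.
    sql = ("SELECT name FROM items WHERE secret = 0 "
           "AND name LIKE ? || '%' ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, (escape_like(value),))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR 1=1 --"  # constructed input containing a quote
    print("substituted:", search_substituted(db, crafted))
    print("bound:      ", search_bound(db, crafted))
    print("bound '%':  ", search_bound(db, "%"))
    print("escaped '%':", search_bound_escaped(db, "%"))
```

The concatenation operator and the ESCAPE syntax vary by database, so the bound form needs checking against the engine actually behind the sqlmap.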
