This can potentially harm the server via a DoS attack,
in that if I search for "%" then it will return all
records in that particular database. It is an easy
matter even on a slow connection to write a script to
totally swamp a database.
Some parsing of the field passed in could be a good
idea if this is a public site, such as stripping
out certain no-nos.
<CFSET strSearch = Form.SearchField>
<!--- Strip out invalid search criteria --->
<CFSET strSearch = Replace(strSearch, "%", "", "ALL")>
<CFQUERY NAME="doclist" DATASOURCE="custdoc" DBTYPE="ODBC">
SELECT *
FROM Customerdoclist
WHERE (Customerdoclist.keywords LIKE '%#strSearch#%')
</CFQUERY>
-----Original Message-----
From: Chapman, Katrina [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 4:39 PM
To: [EMAIL PROTECTED]
Subject: RE: Select Query
That's almost it; you need to add %'s around the string passed.
I.e.
<cfquery name="doclist" datasource="custdoc" dbtype="ODBC">
SELECT *
FROM Customerdoclist
WHERE (Customerdoclist.keywords LIKE '%#url.page#%')
</cfquery>
-----Original Message-----
From: Peter Benoit [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 1:31 PM
To: '[EMAIL PROTECTED]'
Subject: Select Query
I have set a url string to a page, and I want to perform a query from a DB
using that as a keyword.
Can I set a field in a DB with a bunch of keywords to compare against a
string?
Let's say I pass the word "Peter" in #url.page#
And the field in the DB named Keyword has - John Mary Peter Bill - in it.
Is it possible to build a query that will find Peter in that list of words,
and present the results?
My code so far:
<cfquery name="doclist" datasource="custdoc" dbtype="ODBC">
SELECT *
FROM Customerdoclist
WHERE (Customerdoclist.keywords LIKE '#url.page#')
</cfquery>
Peter
----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
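
Added example, not code from any poster in this thread: the wildcard concern from the first reply, handled by escaping the LIKE wildcards rather than deleting only "%" (the "_" wildcard would otherwise still pass through), binding the value with cfqueryparam, and capping input length and row count. The 2 to 50 character limits, the 100-row cap, the "!" escape character, and support for LIKE ... ESCAPE in the database behind "custdoc" are assumptions.

```cfml
<!--- Added example. Assumes the search term arrives as Form.SearchField,
      as in the first reply of the thread. --->
<cfparam name="Form.SearchField" default="">
<cfset strSearch = Trim(Form.SearchField)>

<!--- Reject empty or over-long terms before touching the database.
      The limits (2 and 50) are constructed values for illustration. --->
<cfif Len(strSearch) LT 2 OR Len(strSearch) GT 50>
  <cfoutput>Please enter between 2 and 50 characters.</cfoutput>
  <cfabort>
</cfif>

<!--- Escape the escape character first, then both LIKE wildcards, so the
      user's text is matched literally. SQL Server also treats "[" as a
      pattern character; that case is not handled here. --->
<cfset strSearch = Replace(strSearch, "!", "!!", "ALL")>
<cfset strSearch = Replace(strSearch, "%", "!%", "ALL")>
<cfset strSearch = Replace(strSearch, "_", "!_", "ALL")>

<!--- maxrows bounds the result set even for very common keywords.
      cfqueryparam sends the pattern as a bound value, not as SQL text. --->
<cfquery name="doclist" datasource="custdoc" dbtype="ODBC" maxrows="100">
SELECT *
FROM Customerdoclist
WHERE Customerdoclist.keywords LIKE
      <cfqueryparam value="%#strSearch#%" cfsqltype="CF_SQL_VARCHAR"> ESCAPE '!'
</cfquery>
```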