ilto:[EMAIL PROTECTED]]
> Sent: Friday, February 09, 2001 10:33 AM
> To: 'Jon Franz'
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: Re: [Zope-dev] ZSQL using LIKE operator
>
>
> Not taken as being harsh from where I stand! The more we
> know...the better!
>
]'
Subject: RE: Re: [Zope-dev] ZSQL using LIKE operator
sqltest just creates the full string of the where clause segment
for the test using the same kind of 'safe' sql-string logic as
sqlvar: so you should be able to replace the value to test against
with any valid python expres
riday, February 09, 2001 7:01 AM
> To: 'Jon Franz'; '[EMAIL PROTECTED]'
> Subject: Bad: Re: [Zope-dev] ZSQL using LIKE operator
>
>
> Got it. Making the change now. Thanks for keeping an eye on
> this thread.
> What about the sqltest suggestion on pos
, February 08, 2001 3:54 PM
To: '[EMAIL PROTECTED]'
Subject: Bad: Re: [Zope-dev] ZSQL using LIKE operator
No, this is bad!! Do NOT do this - it will allow Bad characters in your SQL
query that could allow mischievous people to tamper with your Db and
possibly hack your box
(depending upon what
Schmidt, Allen J. writes:
> how to resolve a query which I need to read:
>
> SELECT * FROM table WHERE keywords LIKE '%keywords_variable%'
>
> has 'op=like' and when set to 'type=string' produces the LIKE
> operation in the query, with single quotes, but I cannot get it to 'wrap'
>
this Can be a big security hazard...
~Jon Franz/'Coventry': http://www.zope.org/Members/Coventry
>Message: 9
>Date: Thu, 08 Feb 2001 07:32:48 -0500
>Subject: Re: [Zope-dev] ZSQL using LIKE operator
>From: Jens Vagelpohl <[EMAIL PROTECTED]>
>To: "Schmid
1 AM
To: Jens Vagelpohl
Cc: Schmidt, Allen J.; [EMAIL PROTECTED]
Subject: Re: [Zope-dev] ZSQL using LIKE operator
Jens Vagelpohl wrote:
>
> just write it out like:
>
> SELECT * FROM table WHERE keywords LIKE '%%'
>
> jens
>
> on 2/8/01 7:17, Schmidt, All
Jens Vagelpohl wrote:
>
> just write it out like:
>
> SELECT * FROM table WHERE keywords LIKE '%%'
>
> jens
>
> on 2/8/01 7:17, Schmidt, Allen J. at [EMAIL PROTECTED] wrote:
>
> > I have been through the docs, searched a variety of locations, and cannot
> > find anything on how to resolve a q
just write it out like:
SELECT * FROM table WHERE keywords LIKE '%%'
jens
on 2/8/01 7:17, Schmidt, Allen J. at [EMAIL PROTECTED] wrote:
> I have been through the docs, searched a variety of locations, and cannot
> find anything on how to resolve a query which I need to read:
>
> SELECT * FRO
I have been through the docs, searched a variety of locations, and cannot
find anything on how to resolve a query which I need to read:
SELECT * FROM table WHERE keywords LIKE '%keywords_variable%'
has 'op=like' and when set to 'type=string' produces the LIKE
operation in the query, with single
10 matches
Mail list logo