y, October 20, 2000 3:22 AM
To: [EMAIL PROTECTED]
Subject: Re: [Zope] dtml-sqlvar quote
Hi all thanks for the help.
Just on that. Is it safe to do
select * from data where like '%
as search_term could contain '; drop table blah; ' or whatever.
I thought by using you could use untrusted values.
Thanks again
Mark
On Fri, 20 Oct 2000, Tony McDonald wrote:
>
>Hi all
>
>How can I pass a string to a sql method that won't be quoted.
>
>i.e. so I can do something like this
>
>.
>group by foo,blah
>order by
>
>
>thanks mark
>
don't quote it?
...
order by
I use this all the time for things like
select * from data where like '%%'
tone
___
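An added example, not code from anyone in this thread: the two cases discussed above, a `LIKE '%...%'` search on an untrusted `search_term` and a caller-chosen `order by` column, handled without pasting the raw value into the SQL text. It assumes Python's `sqlite3` as a stand-in for the Zope database connection; the table contents, the `SORTABLE` list, and the function names are constructed for illustration.

```python
import sqlite3

# Assumption: sqlite3 stands in for the Zope database adapter.
# Identifiers cannot be bound as parameters, so a caller-supplied sort
# column is checked against a fixed allow-list rather than quoted.
SORTABLE = {"foo", "blah"}

def make_db():
    """Constructed sample rows for a table named `data`, as in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE data (foo TEXT, blah INTEGER)")
    db.executemany(
        "INSERT INTO data VALUES (?, ?)",
        [("apple", 3), ("pineapple", 1), ("100% juice", 2), ("pear", 4)],
    )
    return db

def like_pattern(term):
    """Escape LIKE wildcards so the term matches only as literal text."""
    for ch in ("\\", "%", "_"):
        term = term.replace(ch, "\\" + ch)
    return "%" + term + "%"

def search(db, search_term, order_by="foo"):
    """Substring search: value is bound, sort column is allow-listed."""
    if order_by not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % (order_by,))
    sql = ("SELECT foo, blah FROM data WHERE foo LIKE ? ESCAPE '\\' "
           "ORDER BY " + order_by)
    # The pattern travels as a bound parameter, never as part of the SQL text.
    return db.execute(sql, (like_pattern(search_term),)).fetchall()

def table_exists(db, name):
    """True if a table with this name is still present."""
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?",
        (name,),
    ).fetchone()
    return row[0] == 1
```
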
On Fri, 20 Oct 2000, Mark Twiddy wrote:
> Hi all
>
> How can I pass a string to a sql method that won't be quoted.
>
> i.e. so I can do something like this
>
> .
> group by foo,blah
> order by
>
don't use sqlvar... just put:
order by
works for me. (o8
>
> thanks mark
>
Have a better one
Hi all
How can I pass a string to a sql method that won't be quoted.
i.e. so I can do something like this
.
group by foo,blah
order by
thanks mark
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope