Re: [Zope] MySQL LIKE operator

[Phill Hugo]

> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 12, 2000 11:03 AM
> > To: [EMAIL PROTECTED]
> > Subject: [Zope] MySQL LIKE operator
> >
> >
> > Hello,
> >
> > I'm writing a search query to a MySQL database.  I want to keep
> > people from screwing around with my database by running searches like ";
> > delete from ... yada yada.  So I should use , right?  But
> > what if I want to use LIKE?
> >   If I say:  WHERE goo LIKE "%%"  then
> > effectively I am saying: WHERE goo LIKE "%'somestring'%".  In other
> > words, it will match only the string with the single quotes.  I hope
> > this makes sense.  Has anyone faced a similar problem?
> >   Thanks for any help
> >
> > --Aaron

Here's a sample of some larger scale SQL with just the thing your
looking for in it.

SELECT *
FROM users

 
 
 
 user_name LIKE 
 

 
 user_firstname LIKE 
 

 
 user_lastname LIKE 
 

 
 user_age LIKE 
 

 
 user_town LIKE 
 

 
 user_email LIKE 
 

ORDER BY
user_name

Hope this helps

Phill

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

RE: [Zope] MySQL LIKE operator

[Ron Bickers]

You should be able to use something like this (untested):



That way you get the SQL quoting without the surrounding quotes.

___

Ron Bickers
Logic Etc, Inc.
[EMAIL PROTECTED]


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 12, 2000 11:03 AM
> To: [EMAIL PROTECTED]
> Subject: [Zope] MySQL LIKE operator
> 
> 
> Hello,
> 
> I'm writing a search query to a MySQL database.  I want to keep
> people from screwing around with my database by running searches like ";
> delete from ... yada yada.  So I should use , right?  But
> what if I want to use LIKE?
>   If I say:  WHERE goo LIKE "%%"  then
> effectively I am saying: WHERE goo LIKE "%'somestring'%".  In other
> words, it will match only the string with the single quotes.  I hope
> this makes sense.  Has anyone faced a similar problem?
>   Thanks for any help
> 
> --Aaron
> 
> 
> ___
> Zope maillist  -  [EMAIL PROTECTED]
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
> 
> 

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )