Be very careful using that approach. As long as you tightly protect the value of keyword...you are OK, but SQL injection will bring you to your knees if keyword = "x';drop table table;--", because it will execute perfectly with most drivers...and quietly drop your table, too.
The solutions that Jared and Sven suggested are not vulnerable to that.

Larry

On 2/16/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> We found it out:
>
> Select * from table where label like '%$keyword$%'
>
> Thanks
>
> -----Original Message-----
> From: Sven.Boden [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 16, 2006 3:25 PM
> To: [email protected]
> Subject: Re: Using percentages with like and parameter
>
> Should also work:
>
> select * from table where label like '%' || #keyword# || '%'
>
> Regards,
> Sven
>
> >----- Original message -----
> >From: Jared Blitzstein [mailto:[EMAIL PROTECTED]
> >Sent: Thursday, February 16, 2006 03:08 PM
> >To: [email protected]
> >Subject: Re: Using percentages with like and parameter
> >
> >The way I've done it is actually set the %'s when you set up
> >#keyword#. So myObject.setKeyword("%myliketerm%");
> >
> >On Feb 16, 2006, at 8:42 AM, [EMAIL PROTECTED] wrote:
> >
> >> Hello,
> >>
> >> I have the following select :
> >>
> >> Select * from table where label like #keyword#
> >>
> >> Does anyone know how to add the % percentages before and after the
> >> keyword?
> >>
> >> I tried it before and after but ibatis does not accept it.
> >> So I'm doing it in my class that calls the query but would like to
> >> know if there is another solution.
> >>
> >> Thanks,
> >>
> >> Hilde
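The two safe forms from the thread (Sven's `'%' || #keyword# || '%'` and Jared's pre-wrapped `%term%`) next to the `$keyword$` text substitution Larry warns about, as an added example that is not part of the original thread. It uses Python's sqlite3 with a constructed `items` table in place of iBATIS; the bound `?` plays the role of `#keyword#`.

```python
import sqlite3

# Constructed sample rows standing in for the thread's table with a "label" column.
ROWS = [("Blue widget",), ("Red gadget",), ("x';drop table table;--",)]


def make_db():
    """In-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (label TEXT)")
    conn.executemany("INSERT INTO items VALUES (?)", ROWS)
    return conn


def substituted_sql(keyword):
    """$keyword$-style substitution: the raw value is pasted into the SQL text.
    Returned instead of executed so the altered statement can be inspected;
    a keyword such as x';drop table table;-- becomes part of the SQL itself."""
    return "select label from items where label like '%" + keyword + "%'"


def search_concat(conn, keyword):
    """Sven's form: wildcards live in the SQL, the keyword is a bound parameter.
    Whatever the keyword contains is data, never SQL."""
    sql = "select label from items where label like '%' || ? || '%'"
    return [r[0] for r in conn.execute(sql, (keyword,))]


def search_prewrapped(conn, keyword):
    """Jared's form: the caller wraps the term in % and binds the whole pattern."""
    sql = "select label from items where label like ?"
    return [r[0] for r in conn.execute(sql, ("%" + keyword + "%",))]


def table_exists(conn, name="items"):
    """True if the table survived the query; used to show no DROP ran."""
    row = conn.execute(
        "select count(*) from sqlite_master where type='table' and name=?", (name,)
    ).fetchone()
    return row[0] == 1


if __name__ == "__main__":
    db = make_db()
    hostile = "x';drop table table;--"
    print(substituted_sql(hostile))          # the statement text is rewritten
    print(search_concat(db, hostile))        # bound: matches the literal row only
    print(search_prewrapped(db, "widget"))   # ['Blue widget']
    # Caveat: binding stops SQL injection, but % and _ inside the keyword are
    # still LIKE wildcards; escape them if a literal match is required.
    print(len(search_concat(db, "%")))       # 3: matches every row
```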
