| From | "J.O. Aho" <user@example.net> |
|---|---|
| Newsgroups | comp.databases.mysql |
| Subject | Re: Escaping Strings |
| Date | 2024-08-25 09:27 +0200 |
| Message-ID | <lj04n3Fli7tU1@mid.individual.net> (permalink) |
| References | <v748rm$tapm$2@dont-email.me> <ligh9mFb2hjU1@mid.individual.net> <va8se0$otgt$4@dont-email.me> <liqmd6Fr82iU1@mid.individual.net> <vado22$1igfq$4@dont-email.me> |
On 25/08/2024 00.49, Lawrence D'Oliveiro wrote:
> On Fri, 23 Aug 2024 07:52:38 +0200, J.O. Aho wrote:
>
>> On 23/08/2024 04.33, Lawrence D'Oliveiro wrote:
>>
>>> On Mon, 19 Aug 2024 11:24:06 +0200, J.O. Aho wrote:
>>>
>>>> I would looked into using parameterized queries ...
>>>
>>> There are lots of cases they don’t handle. Like for example LIKE and
>>> REGEXP operands.
>>
>> LIKE:
>> select * from table where column1 like ?;
>
> Like: you want to do a partial match on what the user typed. And what
> the user typed can include characters like “%” and “_”, which you
> don’t want to be mistaken for wildcards.
>
> Another example: can your parameterized queries handle dynamic SQL
> like this?

Did you try to wrap it into a stored procedure?
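The LIKE case debated in this message, as an added example that is not part of the original post: the user's "%" and "_" are escaped before the value is bound, so the only wildcards in the pattern are the ones the code adds. Assumptions: Python's sqlite3 stands in for MySQL so the example runs offline (the `LIKE ? ESCAPE '!'` clause is written the same way in MySQL), and the `items` table, its rows, the `!` escape character and all function names are constructed for illustration.

```python
import sqlite3

ESC = "!"  # escape character named in the ESCAPE clause (arbitrary choice)


def like_literal(text, esc=ESC):
    """Escape LIKE metacharacters so `text` can only match itself."""
    # The escape character must be doubled first, then the two wildcards.
    for ch in (esc, "%", "_"):
        text = text.replace(ch, esc + ch)
    return text


def search(conn, user_input):
    """Substring match; the only wildcards are the ones added here."""
    pattern = "%" + like_literal(user_input) + "%"
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '!' ORDER BY name",
        (pattern,),
    )
    return [r[0] for r in rows]


def naive_search(conn, user_input):
    """Bound parameter, but the user's % and _ still act as wildcards."""
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ORDER BY name",
        ("%" + user_input + "%",),
    )
    return [r[0] for r in rows]


def demo_db():
    """Constructed sample data (hypothetical table and rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?)",
        [("100% cotton",), ("1000 cotton",), ("a_b",), ("axb",), ("wow!",)],
    )
    return conn
```

Both functions are injection-safe because the value is bound; they differ only in whether user-typed wildcards change which rows match.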
Escaping Strings Lawrence D'Oliveiro <ldo@nz.invalid> - 2024-07-15 22:46 +0000
Re: Escaping Strings "J.O. Aho" <user@example.net> - 2024-08-19 11:24 +0200
Re: Escaping Strings Lawrence D'Oliveiro <ldo@nz.invalid> - 2024-08-23 02:33 +0000
Re: Escaping Strings "J.O. Aho" <user@example.net> - 2024-08-23 07:52 +0200
Re: Escaping Strings Lawrence D'Oliveiro <ldo@nz.invalid> - 2024-08-24 22:49 +0000
Re: Escaping Strings "J.O. Aho" <user@example.net> - 2024-08-25 09:27 +0200
Re: Escaping Strings Lawrence D'Oliveiro <ldo@nz.invalid> - 2024-09-05 06:11 +0000