
Data disappears using the Like % Operator

RCorr
Posted: 06 July 2003 at 5:40pm

I am searching my database using the Like keyword. I have implemented asp paging to display the results over several pages. I noticed that when I click on next page, I lose my SQL Statement. I solved this by passing along the SQL Statement, e.g. filename.asp?page=2&SQLStament.

My SQL Statement works, however it doesn't like the % in the LIKE keyword when I move from page 1. This is my SQL Statement:

rSqlText= SELECT * FROM qryTaskSpecficWorks WHERE UCase(Author) Like '%GRAFF%'

When page 2 is displayed my SQL Statement becomes:

rSqlText= SELECT * FROM qryTaskSpecficWorks WHERE UCase(Author) Like '_AFFð/LM/W3SVC/1/ROOT

I believe this happens because it doesn't know the difference between a space in the address bar (%20) and the % in the Like Clause.

Any assistance would be appreciated.

RCORR

ljamal
Posted: 06 July 2003 at 6:56pm
Never pass a SQL statement as a variable; it leaves you open to SQL injection attacks. If I were to use the statement:
delete from qryTaskSpecficWorks
the page would run it and delete qryTaskSpecficWorks.

To remedy your problem, I suggest just passing the values used to create the initial SQL query. That way you just re-create the SQL statement without leaving yourself open to SQL injection attacks.

For more information about SQL injection, I suggest searching for SQL injection in your favorite search engine.
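
The approach suggested in the reply above, sketched in classic ASP as an added example (not code from either poster): only the search value and the page number travel in the URL, and the statement is rebuilt on the server with a bound parameter. It assumes an already-open ADODB.Connection named conn; the "author" and "page" query-string keys and the page size are illustrative choices.

```asp
<%
' Added example, not code from the thread. Assumptions: conn is an open
' ADODB.Connection; the "author" and "page" keys and PAGE_SIZE are illustrative.
Const adVarWChar = 202, adParamInput = 1, adCmdText = 1
Const adUseClient = 3, adOpenStatic = 3, adLockReadOnly = 1
Const PAGE_SIZE = 10

Dim author, pageArg, pageNo, cmd, rs, shown

' Only the search value travels in the URL; ASP has already URL-decoded it.
author = Left(UCase(Trim(Request.QueryString("author"))), 100)

' Accept the page number only if it is a number in a sane range.
pageArg = Request.QueryString("page")
pageNo = 1
If IsNumeric(pageArg) Then
    If CDbl(pageArg) >= 1 And CDbl(pageArg) <= 100000 Then pageNo = CLng(pageArg)
End If

' The SQL text is fixed on the server; the value is bound as a parameter,
' and the LIKE wildcards are added here, so no "%" has to survive the URL.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM qryTaskSpecficWorks WHERE UCase(Author) LIKE ?"
cmd.Parameters.Append cmd.CreateParameter("author", adVarWChar, adParamInput, _
    255, "%" & author & "%")

Set rs = Server.CreateObject("ADODB.Recordset")
rs.CursorLocation = adUseClient
rs.PageSize = PAGE_SIZE
rs.Open cmd, , adOpenStatic, adLockReadOnly
If Not rs.EOF Then
    If pageNo > rs.PageCount Then pageNo = rs.PageCount
    rs.AbsolutePage = pageNo
    shown = 0
    Do While Not rs.EOF And shown < PAGE_SIZE
        Response.Write Server.HTMLEncode(rs("Author") & "") & "<br>"
        shown = shown + 1
        rs.MoveNext
    Loop
    ' Server.URLEncode escapes any "%" or space the user typed in the term.
    If pageNo < rs.PageCount Then
        Response.Write "<a href=""filename.asp?page=" & (pageNo + 1) & _
            "&amp;author=" & Server.URLEncode(author) & """>Next</a>"
    End If
End If
rs.Close
%>
```

A request such as filename.asp?page=2&author=GRAFF then yields the same LIKE '%GRAFF%' match on every page, and anything placed in the author value is treated as data rather than as SQL.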
Forum Software by Web Wiz Forums® version 12.07
Copyright ©2001-2024 Web Wiz Ltd.