I'm building a multi-database system, although my main targets are MySQL,
Postgres, and SQLite. How would those handle something like "a string that
ends in 100%"?

On Monday 04 August 2008 6:18:24 pm Asher Snyder wrote:
> Depending on what database you're using you might be able to use LIKE
> while maintaining security. For instance PostgreSQL has the functions
> quote_ident(), and quote_literal() which would allow you to use LIKE
> since these functions would automatically make the string suitable for
> comparison.
>
> So for instance in a stored procedure in PostgreSQL you could do:
>
> SELECT * FROM sometable WHERE quote_ident(column) LIKE quote_ident($1);
>
> Note that in the above line $1 would be the first parameter of the
> stored procedure.
>
> -Asher
>
> Adam Richardson wrote:
> > Like I said, I'm not 'especially pleased' with any idea up until now.
> > I'm certainly open to any other ideas.
> >
> > Adam
> >
> > On Mon, Aug 4, 2008 at 6:57 PM, Larry Garfield <larry@xxxxxxxxxxxxxxxx> wrote:
> >> Hm. So your solution is "don't use LIKE"? I can't say I'm wild about
> >> that. :-/
> >>
> >> --Larry Garfield

--
Larry Garfield
larry@xxxxxxxxxxxxxxxx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
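
On the "string that ends in 100%" case: binding the value as a parameter keeps it out of the SQL text, but LIKE still treats any % or _ inside it as a wildcard, so the value needs its own escaping step together with an explicit ESCAPE clause, which MySQL, PostgreSQL and SQLite all accept. The following is an added example, not code from the thread; like_escape() and ends_with() are hypothetical helpers, the table and rows are constructed, and it assumes PHP with the pdo_sqlite driver.

```php
<?php
// Added example: constructed data in an in-memory SQLite database via PDO.
// like_escape() and ends_with() are hypothetical helpers, not part of PDO.

/** Escape LIKE metacharacters so user-supplied text matches literally. */
function like_escape(string $text, string $esc = '!'): string
{
    // strtr() with an array works in a single pass, so escape characters
    // added for % and _ are not escaped a second time.
    return strtr($text, [
        $esc => $esc . $esc,
        '%'  => $esc . '%',
        '_'  => $esc . '_',
    ]);
}

/** Return rows whose body ends with $needle, with or without escaping. */
function ends_with(PDO $pdo, string $needle, bool $escape): array
{
    // The leading % is the only wildcard the application intends.
    $pattern = '%' . ($escape ? like_escape($needle) : $needle);
    // '!' as the escape character avoids backslash, which MySQL also
    // treats as an escape inside string literals by default.
    $stmt = $pdo->prepare(
        "SELECT body FROM notes WHERE body LIKE ? ESCAPE '!' ORDER BY body"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (body TEXT)');

// Constructed sample rows.
$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (?)');
$rows = ['sale ends in 100%', 'sale ends in 1000 units', 'ends in 100% today'];
foreach ($rows as $row) {
    $insert->execute([$row]);
}

// Bound but not escaped: the trailing % from the input acts as a wildcard.
echo "unescaped:\n";
print_r(ends_with($pdo, '100%', false));

// Bound and escaped: only the row that literally ends in "100%".
echo "escaped:\n";
print_r(ends_with($pdo, '100%', true));
```

The same query text works unchanged on MySQL and PostgreSQL through their PDO drivers, since only the bound pattern and the ESCAPE clause carry the wildcard handling.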