Showing results for tags 'against'.
BACKGROUND: I have created a search box for users to query the Grammar Captive database with Natural Language functionality. As the query string results in a single variable that is read into an AGAINST statement (see below), I am concerned about the overall safety of my database and web application.

QUESTION ONE: Is it possible to write a prepared statement with the value of an AGAINST clause as an unknown? If not, what must one do in order to prevent SQL injection?

WHAT I HAVE CREATED

    SELECT letter_no, letter_title, letter_abstract, submission_date, revision_date,
           MATCH (letter_title, letter_abstract, letter_body) AGAINST ('$search_input') AS letter_score
    FROM sevengates_letter
    WHERE MATCH (letter_title, letter_abstract, letter_body) AGAINST ('$search_input')
    ORDER BY letter_score DESC

WHAT I WANT TO CREATE

    SELECT letter_no, letter_title, letter_abstract, submission_date, revision_date,
           MATCH (letter_title, letter_abstract, letter_body) AGAINST ('$search_input') AS letter_score
    FROM sevengates_letter
    WHERE MATCH (letter_title, letter_abstract, letter_body) AGAINST (?)
    ORDER BY letter_score DESC

QUESTION TWO: Will the "What I want to create" version fly?

Roddy
18 replies
Tagged with: mysql, prepared statements (and 2 more)

Hello w3s again. I have a question; since it's not against the rules, I was thinking of asking before doing anything stupid. The question is whether I could release my work. I mean, for instance, not WHOLE websites, but parts of the code. For instance, when I am done with a project for my website (let's say a news tool) that can have drop-down boxes with jQuery and so on, would it be against the rules to release that code to the board here, to share the code I have been developing that others might find useful in the future?

Thanks in advance!