Search the Community

BACKGROUND: i have created a search box for users to query the Grammar Captive database with Natural Language functionality. As the query string results in a single variable that is read into an AGAINST statement (see below), I am concerned about the overall safety of my database and web application. QUESTION ONE: Is it possible to write a prepared statement with the value of an AGAINST clause as an unknown? If not, what must one do in order to prevent against SQL injection? WHAT I HAVE CREATED SELECT letter_no, letter_title, letter_abstract, submission_date, revision_date, MATCH (letter_title, letter_abstract, letter_body) AGAINST ('$search_input') AS letter_score FROM sevengates_letter WHERE MATCH (letter_title, letter_abstract, letter_body) AGAINST ('$search_input') ORDER BY letter_score DESC WHAT I WANT TO CREATE SELECT letter_no, letter_title, letter_abstract, submission_date, revision_date, MATCH (letter_title, letter_abstract, letter_body) AGAINST ('$search_input') AS letter_score FROM sevengates_letter WHERE MATCH (letter_title, letter_abstract, letter_body) AGAINST (?) ORDER BY letter_score DESC QUESTION TWO: Will the "What I want to create" version fly? Roddy

I feel so ashamed about this question, but I can't find a solution, and I hope you can help me.This is my code xml: <?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="C:/Program%20Files/XML%20Copy%20Editor/esercizi%20xml/prova2.xsl"?><TEI xmlns="http://www.tei-c.org/ns/1.0"><teiHeader> <fileDesc> <titleStmt> <title></title> </titleStmt> <publicationStmt><p>AA</p></publicationStmt> <sourceDesc><p>AA</p></sourceDesc> </fileDesc></teiHeader> <text> <body><div> <head>Titolo</head> <p>Scriverò un <rs>nome</rs> di luogo come questo: <rs key="Persia" type="luogo">Persia</rs>.</p> </div></body> </text></TEI> and this is what I wrote in my file xsl: <?xml version="1.0" encoding="UTF-8"?><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:tei="http://www.tei-c.org/ns/1.0" xmlns="http://www.w3.org/1999/xhtml" version="1.0"> <xsl:template match="/"> <back> <div> <xsl:value-of select="//rs"/> </div> </back> </xsl:template></xsl:stylesheet> The output is: <?xml version="1.0" encoding="UTF-8"?><back xmlns="http://www.w3.org/1999/xhtml" xmlns:tei="http://www.tei-c.org/ns/1.0"> <div/></back> I don't understand where is my error; I suppose it is in the namespace, but I can't find the solution.Thank you in advice! --- EDIT: I've found the solution, is:"//tei:rs"

Hello everyone, I am new to xsl and trying to adjust an existing template at work. I am trying to change the value of a tag via the xsl. Example: Is the value of the SC_DF_FIELD_2 field in xml is "inactive", I would like to to display as something like "retired". I saw some code that I have been trying to insert into the existsing document but I am unable to get it to work. When I look at the xml, it appears like below. <SC_DF_FIELD_2 display_name="Employee status" element_type="r"><![CDATA[inactive]]></SC_DF_FIELD_2> This was the code I received.<xsl:template match="A1[text() = '0']"><A1>AA</A1></xsl:template> I changed it to read <xsl:template match="SC_DF_FIELD_2[text() = 'inactive']"><SC_DF_FIELD_2>retired</SC_DF_FIELD_2></xsl:template> Is there something else I should be doing? Thanks for taking a look. Stephen