Ben Wiechman
Network Administrator
Wisper High Speed Internet
Office: 866.394.7737
Direct: 320.256.0184
Cell: 320.247.3224
ben@stripped
> -----Original Message-----
> From: Gary Smith [mailto:Gary@stripped]
> Sent: Friday, March 27, 2009 12:59 PM
> To: mysql@stripped
> Subject: [MySQL] Search based where claused and stored proc
>
> I'm working on a small project of re-implementing all of the sql for a
> web site. The task is pretty trivial but overall there are some minor
> things that I'm trying to code through.
>
> We've moved much of the logic over to stored procs and call them with
> parameterized queries. This works well since there isn't much inject
> attack possibility on these. Now I have one query left, which allows
> for an arbitrary number of search parameters, all using AND.
>
> Has anyone accomplished converting something like this to a stored proc
> in mysql?
>
> Logically I could pass the parameters in as an array of words, or a
> wordlist to be broken up inside the proc, but I don't want to spend a
> bunch of time either reinventing the wheel or working to a goal that
> can't be accomplished.
>
> We could build the base query dynamically in the code using standard sql
> and bind the parameters to it that way but since we've moved everything
> else to procs I figured I'd look into this as well.
>
> BTW, this is a project I was brought onto after they found they had a sql
> injection bug in their code that was exploited...
>
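
The alternative mentioned in the quoted message, building the base query in application code and binding the search terms to it, is sketched here as an added example that is not part of the original thread. It assumes a hypothetical `articles` table and uses Python's `sqlite3` as an offline stand-in for a MySQL driver; the sample rows are constructed.

```python
import sqlite3

ESC = "!"  # LIKE escape character (valid in both SQLite and MySQL)

def escape_like(term):
    # Neutralise LIKE wildcards so a term of "%" matches a literal percent sign.
    for ch in (ESC, "%", "_"):
        term = term.replace(ch, ESC + ch)
    return term

def build_search(terms, column="body"):
    """Return (sql, params): one bound LIKE per term, joined with AND."""
    # Identifiers cannot be bound, so the column comes from a fixed allowlist.
    if column not in ("title", "body"):
        raise ValueError("unexpected column")
    terms = [t for t in terms if t.strip()]
    if not terms:
        raise ValueError("at least one search term is required")
    # Only the number of terms shapes the SQL text; the values never enter it.
    where = " AND ".join(f"{column} LIKE ? ESCAPE '{ESC}'" for _ in terms)
    sql = f"SELECT id FROM articles WHERE {where} ORDER BY id"
    return sql, ["%" + escape_like(t) + "%" for t in terms]

def search(conn, terms, column="body"):
    sql, params = build_search(terms, column)
    return [row[0] for row in conn.execute(sql, params)]

def make_db():
    # Constructed sample data (hypothetical table "articles").
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO articles (id, title, body) VALUES (?, ?, ?)", [
        (1, "a", "MySQL stored procedures and bound parameters"),
        (2, "b", "Dynamic search with stored procedures"),
        (3, "c", "100% dynamic SQL built by concatenation"),
    ])
    return conn

if __name__ == "__main__":
    db = make_db()
    for words in (["stored", "procedures"], ["dynamic", "' OR '1'='1"], ["%"]):
        print(words, "->", search(db, words))
```

With a MySQL driver the placeholder style may differ (for example `%s`), but the structure is the same: the term count decides how many placeholders are emitted, and every term travels as a bound value.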