> -----Original Message-----
> From: Gary Smith [mailto:Gary@stripped]
> Sent: Friday, March 27, 2009 12:59 PM
> To: mysql@stripped
> Subject: [MySQL] Search based where claused and stored proc
> I'm working on a small project of re-implementing all of the sql for a
> web site. The task is pretty trivial but overall there are some minor
> things that I'm trying to code through.
> We've moved much of the logic over to stored procs and call them with
> parameterized queries. This works well since there isn't much inject
> attack possibility on these. Now I have one query left, which allows
> for an arbitrary number of search parameters, all using AND.
> Has anyone accomplished converting something like this to a stored proc
> in mysql?
> Logically I could pass the parameters in as an array of words, or a
> wordlist to be broken up inside the proc, but I don't want to spend a
> bunch of time either reinventing the wheel or working to a goal that
> can't be accomplished.
> We could build the base query dynamically in the code using standard sql
> and bind the parameters to it that way but since we've moved everything
> else to procs I figured I'd look into this as well.
> BTW, this is a project I was brought onto after they found they had a sql
> injection bug in their code that was exploited...
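The alternative mentioned in the message above (build the base query in code and bind each search word to it), as an added example that is not part of the original post. The `articles` table, its columns and the term cap are assumptions, and SQLite stands in for MySQL so the example runs offline; a MySQL driver would use its own placeholder style.

```python
import sqlite3

MAX_TERMS = 8  # assumed cap so one request cannot build an unbounded WHERE clause


def escape_like(term):
    """Escape LIKE metacharacters so user input only ever matches literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def build_search_query(wordlist):
    """Return (sql, params) with one bound placeholder per search word.

    Only fixed fragments are concatenated into the SQL text; the words
    themselves are passed separately as bound parameters.
    """
    terms = wordlist.split()[:MAX_TERMS]
    sql = "SELECT id, title FROM articles"
    if terms:
        sql += " WHERE " + " AND ".join(["title LIKE ? ESCAPE '\\'"] * len(terms))
    sql += " ORDER BY id"
    return sql, ["%" + escape_like(t) + "%" for t in terms]


def search(conn, wordlist):
    sql, params = build_search_query(wordlist)
    return [row[1] for row in conn.execute(sql, params)]


def make_sample_db():
    """Constructed sample data, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO articles (title) VALUES (?)",
        [("red widget large",), ("red gadget",), ("blue widget",), ("100% red",)],
    )
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    print(search(db, "red widget"))    # every word must match (AND)
    print(search(db, "x' OR '1'='1"))  # quotes stay data, never SQL text
    print(search(db, "%"))             # wildcard from the user matches literally
```

The number of placeholders varies with the input, but the SQL text is still assembled only from constants, which is what keeps the search words out of the statement itself.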