From: Martin Gainty
Date: March 27 2009 8:58pm
Subject: RE: Search based where claused and stored proc
List-Archive: http://lists.mysql.com/mysql/216918

Ben-
didn't see your solution?
Martin

> From: ben@stripped
> To: mysql@stripped
> Subject: RE: Search based where claused and stored proc
> Date: Fri, 27 Mar 2009 13:43:51 -0500
>
> Ben Wiechman
> Network Administrator
> Wisper High Speed Internet
>
> > -----Original Message-----
> > From: Gary Smith [mailto:Gary@stripped]
> > Sent: Friday, March 27, 2009 12:59 PM
> > To: mysql@stripped
> > Subject: [MySQL] Search based where claused and stored proc
> >
> > I'm working on a small project of re-implementing all of the sql for a
> > web site. The task is pretty trivial but overall there are some minor
> > things that I'm trying to code through.
> >
> > We've moved much of the logic over to stored procs and call them with
> > parameterized queries. This works well since there isn't much inject
> > attack possibility on these. Now I have one query left, which allows
> > for an arbitrary number of search parameters, all using AND.
> >
> > Has anyone accomplished converting something like this to a stored proc
> > in mysql?
> >
> > Logically I could pass in the parameters in as an array of words, or a
> > wordlist to be broken up inside the proc, but I don't want to spend a
> > bunch of time either reinventing the wheel or working to a goal that
> > can't be accomplished.
> >
> > We could build the base query dynamically in the code using standard sql
> > and bind the parameters to it that way but since we've moved everything
> > else to procs I figured I'd look into this as well.
> >
> > BTW, this is a project I was brought onto after they found they had a sql
> > injection bug in their code that was exploited...
> > --
> > MySQL General Mailing List
> > For list archives: http://lists.mysql.com/mysql
> > To unsubscribe: http://lists.mysql.com/mysql?unsub=benw@stripped
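
Added example, not part of the original thread: the option Gary mentions of building the base query dynamically and binding the parameters to it, for an arbitrary number of ANDed search terms. It uses Python's sqlite3 in place of MySQL so that it runs offline; the articles table, its columns, the term cap and the function names are assumptions.

```python
import sqlite3

MAX_TERMS = 10  # assumed cap so one request cannot build an unbounded query


def build_search(terms):
    """Return (sql, params) for an AND search over any number of terms."""
    words = [t.strip() for t in terms if t and t.strip()][:MAX_TERMS]
    sql = "SELECT id, title FROM articles"  # hypothetical table and columns
    params = []
    if words:
        # The SQL text is assembled only from this fixed fragment; user input
        # decides how many times it repeats, never what it contains.
        sql += " WHERE " + " AND ".join(["title LIKE ? ESCAPE '\\'"] * len(words))
        for w in words:
            # Escape LIKE wildcards so % and _ typed by a user match literally.
            w = w.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
            params.append("%" + w + "%")
    return sql + " ORDER BY id", params


def search(conn, terms):
    sql, params = build_search(terms)
    return [title for _id, title in conn.execute(sql, params)]


def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO articles (title) VALUES (?)",
        [("MySQL stored procedure basics",), ("Stored procedure tuning",),
         ("100% MySQL coverage",), ("MySQL backup guide",)],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(search(db, ["mysql", "procedure"]))
    print(search(db, ["x' OR '1'='1"]))
```

With a MySQL driver such as PyMySQL the placeholder is %s rather than ?, and backslash is already MySQL's default LIKE escape character.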