On Wed, May 29, 2002 at 07:12:16PM -0700, Stephan Vladimir Bugaj wrote:
I'm trying to do a "like" query in a database...
I've created a ZSQL thing like this select foo,bar from xxx <dtml-sqlgroup where> <dtml-sqltest ABC op=like type=string> </dtml-sqlgroup> order by foo
simplify, simplify, and safety. First, an actual working snippet. select * from brands where brand like '<dtml-var brand sql_quote>%' Note the sql_quote. It is urgent, if you ever have any, even accidental exposure to the Internet. ALWAYS use sqlvar or sql_quote. (Yeah, I can think of some exceptions, but they just pass the work off into a pre-validation routine.) Now, this has not been tested, but should work fine: select foo,bar from xxx <dtml-if bah> where baz like '<dtml-var bah sql_quote>%' </dtml-if> order by foo Jim Penny