MSSQL LIKE and IN statements in ADO problem
Steve Holden
steve at holdenweb.com
Wed Jan 18 12:52:05 EST 2006
Raja Raman Sundararajan wrote:
> Yes, the statement you tried is a valid statement
> also
>
>>>>name = "%'WAITFOR DELAY '00:00:03'--%"
>>>>"SELECT * FROM tb_name WHERE firstname LIKE '%s'" % name
>
> is also valid.
> My question is how to use the LIKE statements using ADO.in python
> :-|
>
Raja:
I don't use ADO at all any more, but I suspect that the answer is to
take the search parameter provided by the user, add a "%" at the
beginning and the end, and then use the resulting value as a parameter
to the query.
I will shortly have to solve the same sort of problem, but in my case
using the DBAPI. Let me know if this works.
The problem, of course, is that a query parametere can only replace a
SQL token, not a part of one.
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/
More information about the Python-list
mailing list