MSSQL LIKE and IN statements in ADO problem
Steve Holden
steve at holdenweb.com
Wed Jan 18 12:13:19 EST 2006
gregarican wrote:
> Sorry forgot to explain that with the string substitution stuff you can
> escape the percent sign by doubling it up. In my example I wanted to
> retain the leading percent sign before the value, in this case I wanted
> LIKE %raj to appear. So I doubled it up. That's why there are three
> percent signs in a row. The last one is the one associated with the
> string substitution for the name variable. Make sense?
>
Now Google for "sql injection vulnerability" and tell us why this is a
bad idea.
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/
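
Added example, not part of the original message: the string-substitution LIKE query described in the quoted post next to a bound-parameter version, plus a bound IN list. It assumes sqlite3 as an offline stand-in for MSSQL via ADO; the table, data and function names are constructed for illustration, and the placeholder syntax depends on the driver.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for MSSQL/ADO (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, salary INTEGER)")
    db.executemany("INSERT INTO people VALUES (?, ?)",
                   [("suraj", 100), ("neeraj", 200), ("steve", 300)])
    return db

def find_formatted(db, name):
    # Approach from the quoted post: '%%' is a literal '%', the last '%s'
    # is the substituted value. The value becomes part of the SQL text,
    # so a quote character in it changes the statement itself.
    sql = "SELECT name FROM people WHERE name LIKE '%%%s' ORDER BY name" % name
    return [row[0] for row in db.execute(sql)]

def escape_like(value, esc="\\"):
    # Make LIKE wildcards in the value literal; escape the escape char first.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def find_bound(db, name):
    # The SQL text is constant. The leading wildcard is added to the
    # *parameter*, and the driver passes the value as data, never as SQL.
    sql = "SELECT name FROM people WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    return [row[0] for row in db.execute(sql, ("%" + escape_like(name),))]

def find_in(db, names):
    # IN needs one placeholder per value; only the placeholder count is
    # formatted into the SQL, the values themselves are still bound.
    if not names:
        return []
    marks = ", ".join("?" for _ in names)
    sql = "SELECT name FROM people WHERE name IN (%s) ORDER BY name" % marks
    return [row[0] for row in db.execute(sql, list(names))]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"          # constructed input containing a quote
    print(find_formatted(db, "raj"))   # intended use
    print(find_formatted(db, hostile)) # WHERE clause rewritten: every row
    print(find_bound(db, hostile))     # treated as a literal suffix: no rows
    print(find_bound(db, "%"))         # wildcard escaped: no rows
    print(find_in(db, ["steve", "suraj", "nobody"]))
```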