Re: Get records beginning with certain letter

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

James Jones wrote:
<%
SQL_Get_Videos = "Select * FROM videos WHERE Artist LIKE '" & ltr &
"%'" rs.Open SQL_Get_Videos , conn

Oh! Don't do this! You are leaving your database and website vulnerable to
hackers using SQL Injection
(http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23)

Use parameters, instead; preferably via a saved parameter query :
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/b3d322b882a604bd

or, use a Command object like this:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

If you use this technique, your sql string should be:
SQL_Get_Videos = "Select * FROM videos " & _
"WHERE Artist LIKE ? & '%'"



IF rs.EOF Then
%>No videos by artist beginning with the letter <%=ltr%>
<%
Else
%>



how would i get it to search for it beginning with numbers?

ltr is defined by a querystring

if the user selects "0-9" then it should show any video beginning
with the numbers 0-9. But since ltr is defined by the querystring, i
cant get it to search for the string that i was given in previous
post.

It always helps to tell us the details. When you said "search for numbers" I
assumed you were talking about a numeric field. It never hurts to show us a
few rows of sample data, along with a description of the names and datatypes
of the fields involved.

So it sounds as if you have a Text field, containing strings some of which
begin with numbers: 0Abc, 3edf, etc. Correct?

Well, with Jet, you can do this:

" ... WHERE Left(fieldname,1) IN ('0','1', ..., '9')"
(you need to fill in the ... with the rest of the numbers)

This will not perform very well because it will not be able to use an index
if you have created one on the field. But then again, no other search method
will anyways. You would be better off creating a separate numeric field to
hold just the first character of the text you wish to search, creating an
index on that field. You could use the ascii code for the character, or
simply use -1 for alpha characters, and 0-9 for numeric characters.

Bob Barrows
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


.

Relevant Pages

  • [TOMOYO #15 3/8] Common functions for TOMOYO Linux.
    ... This file contains common functions (e.g. policy I/O, pattern matching). ... Since TOMOYO Linux is a name based access control, ... TOMOYO Linux's string manipulation functions make reviewers feel crazy, ... the Linux kernel accepts all characters but NUL character ...
    (Linux-Kernel)
  • RfD: Escaped Strings version 4
    ... the S" string can only contain printable characters, ... the S" string cannot contain the '"' character, ... as an escape character for the entry of characters that cannot be ... \b BS (backspace, ASCII 8) ...
    (comp.lang.forth)
  • RfD: Escaped Strings version 4
    ... the S" string can only contain printable characters, ... the S" string cannot contain the '"' character, ... as an escape character for the entry of characters that cannot be ... \b BS (backspace, ASCII 8) ...
    (comp.lang.forth)
  • Re: RfD: Escaped Strings
    ... the S" string can only contain printable characters, ... the S" string cannot contain the '"' character, ... \b BS (backspace, ASCII 8) ... \ ** escapes to characters much as C does. ...
    (comp.lang.forth)
  • Re: A note on computing thugs and coding bums
    ... code is valid for any character set that is legal in C (which is a ... characters in the required source character set ... A String, in C Sharp or Java, can be redefined. ... allow programmers to handle some other data format, ...
    (comp.programming)