Re: Question - Query based on WHERE OR
От | Ragnar |
---|---|
Тема | Re: Question - Query based on WHERE OR |
Дата | |
Msg-id | 1168641139.19451.10.camel@localhost.localdomain обсуждение исходный текст |
Ответ на | Question - Query based on WHERE OR ("Mike Poe" <trolling4dollars@gmail.com>) |
Список | pgsql-general |
On mið, 2007-01-10 at 17:38 -0800, Mike Poe wrote: > I'm a rank newbie to Postgres & am having a hard time getting my arms > around this. > > I'm trying to construct a query to be run in a PHP script. I have an > HTML form were someone can enter either a last name or a social > security number & then query the database based on what they entered. > > My query looks like this: > > SELECT foo, baz, bar FROM public.table WHERE lastname ~* '$lastname' OR > ssn='$ssn'" > > I need to leave the last name a wildcard in case someone enters a > partial name, lower case / upper case, etc. note that you really should not be using values directly from user input for $lastname and $ssn without doing some sanity checks on them. consider for example the user submitting a string containing a quote character. most languages provide functions to make such input safe. gnari
В списке pgsql-general по дате отправления: