[ic] Search out from a form
John Young
interchange-users@icdevgroup.org
Wed Jul 2 15:29:00 EDT 2003
Peter wrote:
> You could try
>
> [query
> sql="select * from products where (sku like '%[cgi mv_searchspec]%'
> or description like '%[cgi mv_searchspec]%'
> or prod_group like '%[cgi mv_searchspec]%'
> or category like '%[cgi mv_searchspec]%')
> and not product_filter = 'b2b'
> order by category"
> type=list
> list=1
> st=db
> ]
> [list]
> [sql-param first_column], [sql-param second_column],
> [sql-param etc_column] <br>
> [/list]
> [/query]
If you do something like the above, be sure to filter the CGI
values. Otherwise, you are open to SQL-injection attacks.
John Young
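
An added illustration of the warning above, not part of the original thread and not Interchange code: Python's sqlite3 stands in for the catalog database, with constructed rows and hypothetical function names. It contrasts pasting the form value into the SQL text, as the quoted [query] does, with binding it as a parameter and escaping LIKE wildcards.

```python
import sqlite3

# Constructed sample rows using the columns named in the quoted query.
ROWS = [
    ("A100", "Garden hose", "outdoor", "garden", "retail"),
    ("B200", "Bulk hose reel", "outdoor", "garden", "b2b"),
    ("C300", "O'Brien trowel", "tools", "garden", "retail"),
]
COLS = ("sku", "description", "prod_group", "category")
TAIL = "and not product_filter = 'b2b' order by category, sku"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table products "
               "(sku, description, prod_group, category, product_filter)")
    db.executemany("insert into products values (?,?,?,?,?)", ROWS)
    return db

def search_interpolated(db, spec):
    # Same shape as the quoted [query]: the form value is pasted into the SQL text,
    # so a quote character in the value ends the string literal early.
    likes = " or ".join(f"{c} like '%{spec}%'" for c in COLS)
    return [r[0] for r in db.execute(f"select sku from products where ({likes}) {TAIL}")]

def like_literal(spec):
    # Escape LIKE metacharacters so the value only matches as literal text.
    for ch in ("\\", "%", "_"):
        spec = spec.replace(ch, "\\" + ch)
    return "%" + spec + "%"

def search_bound(db, spec):
    # The value travels as a bound parameter and never becomes part of the SQL text.
    likes = " or ".join(f"{c} like ? escape '\\'" for c in COLS)
    sql = f"select sku from products where ({likes}) {TAIL}"
    return [r[0] for r in db.execute(sql, [like_literal(spec)] * len(COLS))]

if __name__ == "__main__":
    db = make_db()
    for spec in ("hose", "O'Brien", "%"):
        print(repr(spec), "->", search_bound(db, spec))
```

With the interpolated version, a legitimate search for O'Brien already fails with a syntax error, which is a quick check for whether a form value is reaching the SQL text unfiltered.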