[ic] Improving my search form

Peter peter at pajamian.dhs.org
Tue Feb 9 05:57:28 UTC 2010


On 09/02/10 08:05, Marty Tennison wrote:
> Thanks, Paul.  Yep, that would definitely bork IE I think.  Also, this....
> 
> WHERE brand = [brand-code]
> 
> should probably be this...
> 
> WHERE brand = "[brand-code] "

Data uses single quotes in SQL, but to avoid injection problems you
would want to do this:

WHERE brand = [brand-filter dbi_quote][brand-code][/brand-filter]



...also just at a glance, but that second query looks borked to me.
You're trying to get the models out of it but selecting distinct brand?
Don't you want distinct model?

Also I would probably replace the whole thing with a perl block that
does a single query instead of one query per brand, munges the data into
a hashref and then dumps it to JSON (via a very simple usertag).


Peter
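
The single-query approach suggested above, as an added example that is not part of the original message or of Interchange itself. It is plain Perl with DBI, DBD::SQLite and JSON::PP rather than an Interchange perl block, it binds values as DBI placeholders instead of using the dbi_quote filter, and the products(brand, model) table and its rows are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use JSON::PP;

# Constructed sample data in an in-memory SQLite table. The schema
# products(brand, model) is an assumption; the post does not show the table.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE products (brand TEXT, model TEXT)');
my $ins = $dbh->prepare('INSERT INTO products (brand, model) VALUES (?, ?)');
$ins->execute(@$_) for (
    ['Acme', 'A100'], ['Acme', 'A100'], ['Acme', 'A200'],
    ["O'Neil", 'Z9'], ['Zenith', 'Q1'],
);

# One query for every brand, instead of one query per brand.
# DISTINCT covers the (brand, model) pair, so each model appears once.
sub models_by_brand {
    my ($dbh) = @_;
    my $rows = $dbh->selectall_arrayref(
        'SELECT DISTINCT brand, model FROM products ORDER BY brand, model');
    my %by_brand;
    push @{ $by_brand{ $_->[0] } }, $_->[1] for @$rows;
    return \%by_brand;    # { brand => [ model, ... ], ... }
}

# Where a single brand has to be filtered, bind it as a placeholder rather
# than pasting it into the SQL text; a value containing a quote stays data.
sub models_for_brand {
    my ($dbh, $brand) = @_;
    return $dbh->selectcol_arrayref(
        'SELECT DISTINCT model FROM products WHERE brand = ? ORDER BY model',
        undef, $brand);
}

my $json = JSON::PP->new->canonical->pretty;
print $json->encode(models_by_brand($dbh));

# A legitimate brand with an apostrophe still matches its row.
print $json->encode(models_for_brand($dbh, "O'Neil"));

# A value shaped like SQL matches no row instead of changing the query.
print $json->encode(models_for_brand($dbh, "x' OR '1'='1"));
```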


