[ic] Improving my search form
peter at pajamian.dhs.org
Tue Feb 9 05:57:28 UTC 2010
On 09/02/10 08:05, Marty Tennison wrote:
> Thanks, Paul. Yep, that would definitely bork IE I think. Also, this....
> WHERE brand = [brand-code]
> should probably be this...
> WHERE brand = "[brand-code] "
data uses single quotes in SQL, but to avoid injection problems you
would want to do this:
WHERE brand = [brand-filter dbi_quote][brand-code][/brand-filter]
...also just at a glance, but that second query looks borked to me.
You're trying to get the modles out of it but selecting distinct brand?
Don't you want distinct model?
Also I would probably replace the whole thing with a perl block that
does a single query instead of one query per brand, munges the data into
a hashref and then dumps it to JSON (via a very simple usertag).
More information about the interchange-users