Full text parameters in C#

Discussion:

Full text parameters in C#

(too old to reply)

zb

2007-01-07 21:47:26 UTC

I have to run a full-text query something like this:

SELECT id, title, url, comments, modified_date as modifieddate FROM
clips WHERE IsActive = 1 AND
MATCH(title,url,comments) AGAINST ( SEARCHTERM IN BOOLEAN MODE );

In the query the search term is user provided. I am using C# and
command parameters to run queries. Using MySQL 4.1 and MyODBC 3.51. I
can only pass query terms as ? in the right order. If I try to replace
SEARCHTERM with ? it does not work. I have also tried ?SearchTerm. I
want to avoid string building to avoid sql injection.

Is it doable?

zb

2007-01-26 03:07:21 UTC

Switching to MySQL's .Net connector fixed the issue with named
parameters aka ?SEARCHTERM

Thanks for viewing.

Post by zb
SELECT id, title, url, comments, modified_date as modifieddate FROM
clips WHERE IsActive = 1 AND
MATCH(title,url,comments) AGAINST ( SEARCHTERM IN BOOLEAN MODE );
In the query the search term is user provided. I am using C# and
command parameters to run queries. Using MySQL 4.1 and MyODBC 3.51. I
can only pass query terms as ? in the right order. If I try to replace
SEARCHTERM with ? it does not work. I have also tried ?SearchTerm. I
want to avoid string building to avoid sql injection.
Is it doable?

1 Reply
1 View
Permalink to this page
Disable enhanced parsing

Thread Navigation

zb 2007-01-07 21:47:26 UTC

zb 2007-01-26 03:07:21 UTC

about - legalese

Loading...