Posted to commits@ibatis.apache.org by ib...@incubator.apache.org on 2005/01/05 19:26:24 UTC

[Apache iBATIS Wiki] Updated: How do I use LIKE in my queries?

   Date: 2005-01-05T10:26:24
   Editor: BostjanDolenc
   Wiki: Apache iBATIS Wiki
   Page: How do I use LIKE in my queries?
   URL: http://wiki.apache.org/ibatis/How do I use LIKE in my queries?

   no comment

Change Log:

------------------------------------------------------------------------------
@@ -16,4 +16,4 @@
 
  select * from foo where value like '$parm$%'
 
-That still uses a Prepared``Statement, but the $parm$ gets inserted as a literal instead of a parameter. So, to get the same results as before, you would set parm to "x".
+That still uses a Prepared``Statement, but the $parm$ gets inserted as a literal instead of a parameter. So, to get the same results as before, you would set parm to "x". Note that this can be vulnerable to SQL injection attack, so make sure that all single quotes are escaped in parm.
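
Review bot: The sentence appended to the + line gives quote escaping as the only safeguard for `$parm$`, which is too weak to stand alone as advice. The same paragraph says `$parm$` is inserted as a literal rather than a parameter, so any input that reaches it becomes part of the SQL text. Hand-escaping single quotes is easy to get wrong, and the escaping rules differ between databases. Suggest rewording so that the parameter-based form that "the same results as before" refers to is the recommendation whenever parm can come from user input, with `$parm$` kept for values the application itself controls. Minor wording: "SQL injection attack" should read "a SQL injection attack" or "SQL injection attacks".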