
Discussion in 'C#' started by Vegaanders, Apr 14, 2008.

  1. #1
    Hi guys!

    I send this link to open a new page
    <a href="http://www.kraft-fahrer.de/fahrerlist.asp?S_plz=6

    I pick it up in a SQL string like this
    "SELECT * FROM catman_fahrerkraft.fahrers Where Active = '1' AND PLZ LIKE " & Request("S_plz")

    Now I need to add a % in the end to get all PLZ that start with a 6 in this case. How do I do that?

    Regards from a first time poster

    Anders Svensson
     
    Vegaanders, Apr 14, 2008 IP
  2. MarkusJ_NZ

    #2
    Hi, try this (I'm assuming that the field PLZ is of type char/varchar)

    "SELECT * FROM catman_fahrerkraft.fahrers Where Active = '1' AND PLZ LIKE '" & Request("S_plz") & "%'"

    Cheers
    Markus
     
    MarkusJ_NZ, Apr 14, 2008 IP
  3. nubsii

    #3
    if you want just items starting with the character "6" do:

    select * from yourtable where yourcolumn like '6%'
     
    nubsii, Apr 14, 2008 IP
  4. dylanj

    #4
    "SELECT * FROM catman_fahrerkraft.fahrers Where Active = '1' AND PLZ LIKE " & Request("S_plz")

    Depending on whether it's an administrative part of the website or not, you need to take great care in filtering inputs so that your website can't be compromised. Putting a Request straight into an SQL statement like that is not very secure. Try this:

    ' Strip characters that must never reach the SQL text
    FilteredPLZ = Replace(Request("S_plz"), "'", "")
    FilteredPLZ = Replace(FilteredPLZ, ",", "")
    FilteredPLZ = Replace(FilteredPLZ, "/", "")
    '--------
    ' The pattern is a string literal, so it needs the surrounding single quotes
    "SELECT * FROM catman_fahrerkraft.fahrers WHERE [Active] = '1' AND PLZ LIKE '" & FilteredPLZ & "%'"

    See how I've placed [] around "Active". This is because "Active" sounds like a reserved word, which can cause other problems at runtime.

    Also, normally, you would apply a lot more filters to "FilteredPLZ", but of course, you can choose which characters to filter out.
     
    dylanj, May 4, 2008 IP
  5. mintoj

    #5
    You should always use command parameters in your queries; this ensures protection against SQL injection attacks, where someone may add SQL statements to the querystring parameter and compromise your database security.

    J
     
    mintoj, May 6, 2008 IP
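The parameterized approach mintoj recommends in #5, beside the string concatenation from #1 and #4, as an added example that is not code from this thread: it is written in Python against an in-memory SQLite table standing in for catman_fahrerkraft.fahrers (constructed sample rows), since the same pattern applies to ADO or SqlCommand parameters in ASP or C#. It also goes beyond the thread by escaping LIKE wildcards in the user-supplied prefix, so the only `%` in the pattern is the one the code appends.

```python
import sqlite3

# Constructed sample rows standing in for the fahrers table (not the site's data).
ROWS = [
    ("Anders", "60311", "1"),
    ("Birgit", "64283", "1"),
    ("Carl", "60311", "0"),   # inactive, must never be returned
    ("Dieter", "70173", "1"),
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE fahrers (name TEXT, plz TEXT, active TEXT)")
    db.executemany("INSERT INTO fahrers VALUES (?, ?, ?)", ROWS)
    return db


def concat_query(db, s_plz):
    # The thread's pattern: the request value is pasted into the SQL text, so any
    # quote or wildcard in it changes the query itself.
    sql = ("SELECT name FROM fahrers WHERE active = '1' AND plz LIKE '"
           + s_plz + "%' ORDER BY name")
    return [r[0] for r in db.execute(sql)]


def escape_like(value, esc="\\"):
    # Make LIKE metacharacters in user input match literally (used with ESCAPE).
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))


def param_query(db, s_plz):
    # Bind the pattern as a parameter: the SQL text is fixed, the wildcard is
    # appended to the *value*, and the driver never lets the value alter the query.
    sql = ("SELECT name FROM fahrers WHERE active = '1' AND plz LIKE ? ESCAPE '\\' "
           "ORDER BY name")
    pattern = escape_like(s_plz) + "%"
    return [r[0] for r in db.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_db()
    print(param_query(db, "6"))   # prefix search that the original poster wanted
    print(param_query(db, "%"))   # a bare wildcard is matched literally, not as "all"
```

Feed `concat_query` a value containing a single quote and the statement fails to parse, whereas `param_query` simply returns no rows for it.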