Full text parameters in C#

Full text parameters in C#

am 07.01.2007 22:47:26 von zeyais

I have to run a full-text query something like this:

SELECT id, title, url, comments, modified_date as modifieddate FROM
clips WHERE IsActive = 1 AND
MATCH(title,url,comments) AGAINST ( SEARCHTERM IN BOOLEAN MODE );

In the query the search term is user provided. I am using C# and
command parameters to run queries. Using MySQL 4.1 and MyODBC 3.51. I
can only pass query terms as ? in the right order. If I try to replace
SEARCHTERM with ? it does not work. I have also tried ?SearchTerm. I
want to avoid string building to avoid sql injection.

Is it doable?

Re: Full text parameters in C#

am 26.01.2007 04:07:21 von zeyais

Switching to MySQL's .Net connector fixed the issue with named
parameters aka ?SEARCHTERM

Thanks for viewing.



On Jan 7, 1:47 pm, "zb" wrote:
> I have to run a full-text query something like this:
>
> SELECT id, title, url, comments, modified_date as modifieddate FROM
> clips WHERE IsActive = 1 AND
> MATCH(title,url,comments) AGAINST ( SEARCHTERM IN BOOLEAN MODE );
>
> In the query the search term is user provided. I am using C# and
> command parameters to run queries. Using MySQL 4.1 and MyODBC 3.51. I
> can only pass query terms as ? in the right order. If I try to replace
> SEARCHTERM with ? it does not work. I have also tried ?SearchTerm. I
> want to avoid string building to avoid sql injection.
>
> Is it doable?