We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
WORKAROUND
If you do not want to instruct users to add the wildcard character to
their queries, you can add the wildcard to the query data in the IDC file.
In an IDC file, the single percent (%) sign is used to delimit the
variables that are passed to it from the HTML form. Therefore, use two
percent signs (%%) to insert the wild-card.
For example, given a form defined like this:
<FORM METHOD="POST" ACTION="/scripts/getprod.idc">
<P>Enter Name of product: <INPUT NAME="prdname">
<P><INPUT TYPE="SUBMIT" VALUE="Run Query">
</FORM>
In the Internet Database Connector file, GETPROD.IDC, you can append a wild-
card to the user's input with the following sytax:
SQLStatement:
+ SELECT * from products
+ where prod_name like '%prdname%%%'
If the user types in the word "paper" as input to the form, the resulting
query (after translation of the variables) is:
SELECT * from products where prod_name like 'paper%'
This selects any row from the database where the product name starts with
the word "paper," followed by other characters.