Re: Wildcard in MySQL

Patrick Vanhoucke wrote:
> I also thank Bill for sending me the information about wildcards and
> regular expressions. This creates a lot of possibilities, although in my
> opinion you can't offer all of them 'as is' to an end user (visitor of a
> website).
I agree. Typical users are not comfortable with regular expressions, so
a user interface should never ask them to enter one. It's also a bad
security risk to allow them to type in code, and then use their input in
your SQL statements. A malicious user might be able to insert a string
that could cause damage to your database.
Instead, offer more specific user interfaces (drop-down lists, radio
buttons, etc.) for all the options you do want them to choose, and then
your application builds a regular expression as a string, based on the
user's input to these other controls.
Regards,
Bill K.
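One way to implement the approach described above, as an added example that is not from this thread: the application assembles the REGEXP string only from allow-listed control values plus a backslash-escaped copy of the user's literal text, and hands the finished pattern to MySQL as a bound parameter instead of splicing it into the statement. The `customers` table, the column allowlist and the control values are assumptions.

```python
import re

# Constrained choices the form offers (constructed for this example; a real
# form would expose these as a drop-down and a radio group, not free text).
POSITIONS = {
    "starts":   "^{term}",
    "ends":     "{term}$",
    "contains": "{term}",
    "exact":    "^{term}$",
}
SUFFIXES = {"none": "", "digits": "[0-9]+", "letters": "[A-Za-z]+"}
COLUMNS = {"name", "city"}          # assumed allowlist of searchable columns

_META = set(r"\.^$|()[]{}*+?-")     # regex metacharacters to neutralise


def escape_literal(term: str) -> str:
    """Backslash-escape every metacharacter so the user's text matches literally."""
    return "".join("\\" + c if c in _META else c for c in term)


def build_pattern(position: str, term: str, suffix: str) -> str:
    """Assemble the REGEXP string from validated choices plus an escaped literal."""
    if position not in POSITIONS or suffix not in SUFFIXES:
        raise ValueError("unexpected control value")   # tampered form submission
    body = escape_literal(term) + SUFFIXES[suffix]
    return POSITIONS[position].format(term=body)


def build_query(column: str, position: str, term: str, suffix: str):
    """Return (sql, params). The pattern travels as a bound parameter, never by
    string concatenation, so it cannot change the shape of the statement."""
    if column not in COLUMNS:
        raise ValueError("unexpected column")
    sql = f"SELECT id, name FROM customers WHERE {column} REGEXP %s"
    return sql, (build_pattern(position, term, suffix),)


def matches_locally(pattern: str, value: str) -> bool:
    """Approximate MySQL REGEXP (an unanchored search) with Python's re, as an
    offline sanity check of the generated pattern; real matching happens in MySQL."""
    return re.search(pattern, value) is not None
```

Executing the query with the returned `params` tuple through the driver's `cursor.execute(sql, params)` keeps the pattern out of the SQL text entirely.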