Transact SQL trying to avoid duplicates using inner joins and "Like" constraint - mysql

SELECT numSerie, nomVehicule,model,AnneeModel
FROM Vehicule,Marque where Vehicule.idMarque = Marque.idMarque and Vehicule.numSerie
LIKE "%" OR Marque.nomVehicule LIKE "%"
This displays something like this; it duplicates results.
result
If you remove this part of the code, it works just fine:
OR Marque.nomVehicule LIKE "%"
result 2

Your WHERE clause needs some work. Look at the boolean logic. When you don't enclose conditions in parentheses, it evaluates the boolean operators left-to-right.
Switching to ANSI-92 SQL notation would solve the problem immediately. ANSI-92 notation is 25 years old and while database engines still run queries with older join notation just fine, using ANSI-92 join notation would have avoided this problem completely.
FROM Vehicule,Marque
WHERE (Vehicule.idMarque = Marque.idMarque)
AND ((Vehicule.numSerie LIKE "%") OR (Marque.nomVehicule LIKE "%"))
Or even better, in ANSI-92 notation:
FROM Vehicule
JOIN Marque ON (Vehicule.idMarque = Marque.idMarque)
WHERE Vehicule.numSerie LIKE "%" OR Marque.nomVehicule LIKE "%"

Related

MySql Injection where OR is filtered out

I am trying to inject OR 1=1 into the query, but there is a filter that filters out OR and AND. Printing the query shows up as "1=1" instead of "OR 1=1". Is there another approach to doing OR 1=1, or replacing OR with a different operator?
MySQL treats || as equivalent to OR, so you can use || 1=1

How can I use OR operator with 2 tables?

I'm trying to make a search option for my website project. I have to search 2 columns from 2 tables. After that, I'll write that query in my PHP code. Then it will list all the data about it. But it seems like I'm doing it wrong. What should I do?
select *
from mudurler,subeler,veriler
where mudurler.sube_id=subeler.sube_id
and veriler.sube_id=subeler.sube_id
and subeler.sube_ad like "%this%" or mudurler.adSoyad like "%that%"
When I go, if there is a valid value on sube_ad it works perfectly. But when I try to put a valid value on adSoyad, MySQL returns an empty result no matter what the value is.
You would have no problem if you used proper, explicit, standard JOIN syntax:
select *
from mudurler m join
subeler s
on m.sube_id = s.sube_id join
veriler v
on v.sube_id = s.sube_id
where s.sube_ad like '%this%' or
m.adSoyad like '%that%';
Maybe you should try:
and (subeler.sube_ad like "%this%" or mudurler.adSoyad like "%that%")

SQL Like Statement is showing all results

I have used LIKE statements before and have been spending ages rewriting the statement and am not sure what I have done wrong. When the query is run, it displays all records in the database when it should be showing a narrower list.
The reason for using a LIKE statement is to make my advanced search facility more efficient by allowing part of a "property name".
SQL Statement:
SELECT
*
FROM
properties
WHERE
PropertyName LIKE '%$PropertyName%'
OR PropertyLocation LIKE '%$PropertyLocation%'
OR PropertyType LIKE '%$PropertyType%'
OR PropertyBeds='$PropertyBeds'
OR PropertyRate >= '$PropertyRate1'
AND PropertyRate <= '$PropertyRate2'
Please note: The statement does work without using like and wildcards.
Your conditions are:
WHERE PropertyName LIKE '%$PropertyName%' or
PropertyLocation LIKE '%$PropertyLocation%' or
PropertyType LIKE '%$PropertyType%' or
PropertyBeds = '$PropertyBeds' or
PropertyRate >= '$PropertyRate1' and PropertyRate <= '$PropertyRate2'
If PropertyName, PropertyLocation, or PropertyType are empty strings, then you will return all the rows. That is my first guess on what is happening.
Perhaps you want AND as a connector rather than OR.

Django raw SQL query trouble with format characters and string interpolation

In my Django app, I need to generate a MySQL query like this:
SELECT * FROM player WHERE (myapp_player.sport_id = 4 AND (myapp_player.last_name LIKE 'smi%'))
UNION
SELECT * FROM player WHERE (myapp_player.sport_id = 4 AND (myapp_player.first_name LIKE 'smi%'));
I can't use Q objects to OR together the __istartswith filters because the query generated by the Django ORM does not use UNION and it runs at least 40 times slower than the UNION query above. For my application, this performance is unacceptable.
So I'm trying stuff like this:
Player.objects.raw("SELECT * FROM myapp_player WHERE (sport_id = %%s AND (last_name LIKE '%%s%')) UNION SELECT * FROM sports_player WHERE (sport_id = %%s AND (first_name LIKE '%%s%'))", (sport.id, qword, sport.id, qword))
I apologize for the long one-liner, but I wanted to avoid using a triple-quoted string while trying to debug this type of issue.
When I execute or repr this queryset object, I get exceptions like this:
*** ValueError: unsupported format character ''' (0x27) at index 133
That's a single-quote in single quotes, not a triple-quote. If I get rid of the single-quotes around the LIKE clauses, then I get a similar exception about the close-paren ) character that follows the LIKE clause.
Apparently Django and MySQL disagree on the correct syntax for this query, but is there a syntax that will work for both?
Finally, I'm not sure that my %%s syntax for string interpolation is correct, either. The Django docs suggest that I should be able to use the regular %s syntax in the arguments for raw(), but several online resources suggest using %%s or ? as the placeholder for string interpolation in raw SQL.
My sincere thanks for just a little bit of clarity on this issue!
I got it to work like this:
qword = word + '%'
Player.objects.raw("SELECT * FROM myapp_player WHERE (sport_id = %s AND (last_name LIKE %s)) UNION SELECT * FROM myapp_player WHERE (sport_id = %s AND (first_name LIKE %s))", (sport.id, qword, sport.id, qword))
Besides the fact that %s seems to be the correct way to parameterize the raw query, the key here was to add the % wildcard to the LIKE clause before calling raw() and to exclude the single quotes from around the LIKE clause. Even though there are no quotes around the LIKE clause, quotes appear in the query ultimately sent to the MySQL server.
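An added example, not part of the original answer: the same pattern (bind the value and put the wildcard in the value, not in the SQL text) run against an in-memory SQLite table so it works offline. It also escapes `%` and `_` in the user's word, which would otherwise act as wildcards inside the bound value. Assumptions: SQLite's `?` placeholder stands in for the `%s` that Django's raw() uses, and the rows and the names `like_prefix`, `find_players` and `demo_db` are constructed for illustration.

```python
import sqlite3

def like_prefix(word, esc="\\"):
    """Escape LIKE metacharacters in user input, then append the prefix wildcard."""
    # Escape the escape character first so inserted backslashes are not doubled.
    for ch in (esc, "%", "_"):
        word = word.replace(ch, esc + ch)
    return word + "%"

def find_players(conn, sport_id, word):
    """UNION search on last_name / first_name with every value bound."""
    pattern = like_prefix(word)
    sql = (
        "SELECT id, first_name, last_name FROM player "
        "WHERE sport_id = ? AND last_name LIKE ? ESCAPE '\\' "
        "UNION "
        "SELECT id, first_name, last_name FROM player "
        "WHERE sport_id = ? AND first_name LIKE ? ESCAPE '\\' "
        "ORDER BY id"
    )
    return conn.execute(sql, (sport_id, pattern, sport_id, pattern)).fetchall()

def demo_db():
    """Constructed sample data, including names with a quote and with % and _."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE player (id INTEGER PRIMARY KEY, sport_id INT, "
        "first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO player VALUES (?,?,?,?)", [
        (1, 4, "John", "Smith"),
        (2, 4, "Smilla", "Berg"),
        (3, 4, "Ann", "O'Brien"),
        (4, 5, "Sam", "Smith"),
        (5, 4, "Al", "50%_off"),
    ])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(find_players(db, 4, "smi"))   # prefix match within sport 4 only
    print(find_players(db, 4, "%"))     # a bare % is a literal, not "match all"
    print(find_players(db, 4, "o'b"))   # the quote is data, no quoting needed
```

MySQL treats backslash as the default LIKE escape character; SQLite needs the explicit `ESCAPE` clause shown here.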

LEFT JOIN breaks WHERE Clause

I've recently been required to input more information from my database and I've just used a LEFT JOIN to help me. It works almost perfectly (it does actually get the right field from the other table), but my WHERE clause is nullified, giving the user access to both tables without the restriction of my WHERE clause.
MySQL doesn't crap out any errors, so I'm assuming it's something to do with my where clause or something happened in the join.
SELECT * FROM students
LEFT JOIN courses ON students.appliedforCourse = courses.idNumber
WHERE
students.telephone LIKE '%$var'
OR students.email LIKE '%$var'
OR students.address like'%$var%'
OR (CONCAT(students.firstName,' ',students.lastName) LIKE '%$var%')
AND addedBy ='$userid'
LIMIT $s,limit
The query itself is correct (although really inefficient due to ORs and % % [indexes will not be used]).
I would suggest echoing the query. Are you sure that $var is evaluated correctly? Try to run the query directly in MySQL (via phpMyAdmin, for example, or using the console).
I suspect that you simply did not set the $var value. Then a condition such as students.telephone LIKE '%$var' will become students.telephone LIKE '%' (always true for not null address), which will match every record of the join, exactly what you are getting.
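An added example, not part of the original thread: besides the empty `$var` case described above, SQL gives AND higher precedence than OR, so in the posted query `addedBy` constrains only the last OR branch. The sketch below runs the posted shape and a parenthesized, parameter-bound version on constructed rows. Assumptions: the owner filter is meant to apply to every branch, SQLite stands in for MySQL, and the names `AS_POSTED`, `SCOPED`, `search` and `demo_db` are hypothetical.

```python
import sqlite3

# SQLite spells MySQL's CONCAT(a, ' ', b) as a || ' ' || b.
BRANCHES = """s.telephone LIKE :suffix
   OR s.email LIKE :suffix
   OR s.address LIKE :contains
   OR (s.firstName || ' ' || s.lastName) LIKE :contains"""
BASE = """SELECT s.id FROM students s
LEFT JOIN courses c ON s.appliedforCourse = c.idNumber
WHERE """
# Shape from the question: AND binds tighter than OR, so addedBy only
# constrains the last OR branch.
AS_POSTED = BASE + BRANCHES + "\n  AND s.addedBy = :uid ORDER BY s.id"
# Owner filter first, search branches grouped in parentheses.
SCOPED = BASE + "s.addedBy = :uid AND (" + BRANCHES + ") ORDER BY s.id"

def search(conn, sql, term, uid):
    """Return matching student ids; every value is bound, never interpolated."""
    if not term.strip():
        return []  # an empty term would become LIKE '%' and match every row
    args = {"suffix": "%" + term, "contains": "%" + term + "%", "uid": uid}
    return [row[0] for row in conn.execute(sql, args)]

def demo_db():
    """Constructed schema and rows: student 1 belongs to user 7, 2 and 3 to user 8."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE courses (idNumber INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE students (id INTEGER PRIMARY KEY, firstName TEXT, lastName TEXT,
            telephone TEXT, email TEXT, address TEXT, appliedforCourse INT, addedBy INT);
        INSERT INTO courses VALUES (10, 'Maths');
        INSERT INTO students VALUES
          (1, 'Ann', 'Lee',   '555-0101', 'ann@example.com', '1 Oak St', 10,   7),
          (2, 'Bob', 'Ray',   '555-0102', 'bob@example.com', '2 Oak St', 10,   8),
          (3, 'Cy',  'Oakes', '555-0103', 'cy@example.net',  '3 Elm Rd', NULL, 8);
    """)
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(search(db, AS_POSTED, "Oak", 7))  # includes student 2, owned by user 8
    print(search(db, SCOPED, "Oak", 7))     # only user 7's own student
```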