I will escape the parameter at first and then concat the sql string when querying.
So when I concat query strings using like:
const name = mysql.escape(req.info.name)
const sqlString = `select...name like '%${name}%'`
It will lead to select ... where name like '%'hello'%',
but what I want is select ... where name like '%hello%'
Related
I am trying to pass array of cities to the IN clause but seems inverted commas are removed while preparing query
Here is the code
let city = ["Moscow", "Paris"];
let sql = 'SELECT* FROM cities WHERE city IN ('+city+')';
console.log(sql);
and in the console I am getting this
SELECT* FROM cities WHERE city IN (Moscow, Paris);
and thus getting exception while executing query!
Any help?
Try this, it will work
var sql = "SELECT uid FROM cities where city IN ('" + gender.join("','") + "')";
Result :-
SELECT uid FROM cities where city IN ('Male','Female')
Using a Query Builder is a preferable method but a possible solution if you have a long array:
let stringifiedValues = JSON.stringify(city).replace(/\[|\]/g,'');
let sql = `SELECT * FROM cities WHERE city IN (${stringifiedValues})`;
Use the map function to transform all items in your array. You want to add quotes to the items like this Moscow => 'Moscow'
Use the join to gather the transformed items into a string. The delimiter can be specified as an argument like this array.join(', ')
Use template literals (string interpolation) to inject your string in your query. Like this ${str}
const city = ["Moscow", "Paris"];
const injectedString = city.map(c => `'${c}'`).join(', ');
let sql = `SELECT * FROM cities WHERE city IN (${injectedString})`;
console.log(sql);
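The LIKE question at the top of the page and the IN-clause answers above all splice values into the SQL text. As an added example (not code from any of the posts), the same two queries can be built with `?` placeholders and a separate parameter list, so quoting is left to the driver. The function names, the `cities`/`name` schema and the sample values are assumptions, and the LIKE escaping assumes MySQL's default backslash escape character.

```javascript
// Added example: parameterized IN and LIKE for MySQL. All names here are hypothetical.

// Escape LIKE metacharacters so the term matches literally.
// Assumes MySQL's default LIKE escape character (backslash).
function likeContains(term) {
  return '%' + String(term).replace(/[\\%_]/g, (ch) => '\\' + ch) + '%';
}

// Build "IN (?, ?, ...)" with one placeholder per value.
function buildInQuery(cities) {
  if (!Array.isArray(cities) || cities.length === 0) {
    // "IN ()" is a syntax error in MySQL; decide explicitly what empty means.
    throw new TypeError('cities must be a non-empty array');
  }
  const placeholders = cities.map(() => '?').join(', ');
  return {
    sql: `SELECT * FROM cities WHERE city IN (${placeholders})`,
    params: cities.map(String),
  };
}

// Build a substring search; the wildcards live in the parameter, not the SQL.
function buildLikeQuery(name) {
  return {
    sql: 'SELECT * FROM cities WHERE name LIKE ?',
    params: [likeContains(name)],
  };
}

// Constructed sample input: an apostrophe and LIKE wildcards in the data.
const inQuery = buildInQuery(['Moscow', 'Paris', "Val-d'Or"]);
const likeQuery = buildLikeQuery('100%_hello');
console.log(inQuery.sql, inQuery.params);
console.log(likeQuery.sql, likeQuery.params);

// With the mysql package, pass both parts and let the driver do the escaping:
//   connection.query(inQuery.sql, inQuery.params, callback);
```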
How can I select from database by given string and mysql to return the row on same string with diacritics?
select * from myTable where nume = "Stefan"
and the row from database that should be returned:
id = 1
name = "Ștefan"
You can search like:
SELECT * from myTable
where
CONVERT(nume USING utf8) LIKE '%Stefan%'
But this is a bit unclear, as MySQL already knows how to search for strings with diacritics.
I have a mysql query in java like
public static BusObjectIterator<con.PROJECT_EMP> GetEmpObjectsforOrgandMultipleCategory(String ORG, String CATEGORY)
{
String query = "select * from PROJECT_EMP where org = :ORG and category=:CATEGORY";
.....
return ...
}
Here the param ORG will have a single value like xyz, and the CATEGORY String may have multiple values like Cat1,Cat2 etc.
So I would like to frame the query dynamically, using REGEX to replace the comma-separated string values, like
select * from PROJECT_EMP where org = 'xyz' and category in ('Cat1','Cat2');
Thanks.
You can use FIND_IN_SET() function instead of RegEx
Try this:
SELECT * FROM PROJECT_EMP WHERE org = :ORG AND FIND_IN_SET(category,:CATEGORY);
How to return the string excluding the query string itself?
column string = AAA/BBB/CCC
result string = BBB/CCC where column like AAA
column string = AAA/BBB/CCC
result string = CCC where column like AAA/BBB
"SELECT DISTINCT `column` FROM `table` WHERE `column` like '???'";
Thank you.
select distinct replace(`column`, 'AAA/BBB/', '') as `column`
from `table`
where `column` like 'AAA/BBB/%';
I have procedure with a single string parameter to retrieve records from my table test which has two fields id(int) and Name(varchar).
the query in the procedure is shown below
Select * from test where id in (strParam);
and value in the parameter will be
strParam="1,2";
but the result will be wrong because query will be as shown below
Select * from test where id in ('1,2');
but I need the query to be as shown below
Select * from test where id in (1,2);
Please help me with a solution.
The programming language is C#.
thanks,
suraj
Usually you construct the SQL correctly in your programming language:
Select * from test where id in ('1,2');
should come from your application code, where it's easier to change strParam="1,2"; to strParam="'1','2'":
Split (explode) the string into an array.
Escape each element in the array (using the correct MySQL-ESCAPE function).
Join (implode) the array back into a string.
If you really can't change the application code, maybe some SQL tricks could work. Try:
SELECT * FROM test where FIND_IN_SET(ID,strParam) > 0
Not sure if this is the most efficient way:
Explode the value strParam to an array and then build up the string you need in the query:
<?php
$arrayParam = explode(',', $strParam);
$strParamQuery = '(';
foreach ($arrayParam as $Param) {
    if ($strParamQuery != '(') {
        $strParamQuery = $strParamQuery.','; // Add a comma to all but the first occurrence
    }
    // id is an int column: cast so only numeric values reach the SQL text
    $strParamQuery = $strParamQuery.(int) $Param;
}
$strParamQuery = $strParamQuery.')';
$query = 'Select * from test where id in '.$strParamQuery.';';
?>