We will get id from user in this form:
"A-123456-14"
and want to search in database with simple id in this form :
123456
I have tried
select * from orders where id = '%' + searchId + '%';
here id = 123456 in database and searchId = 'A-123456-14' which get from user.
but its not working as its not properly
(A : is prefix, - is delimiter and 14 is postFix)
Please help me to solve this problem.
you can use:
SELECT * FROM orders WHERE WHERE 'A-123456-14' REGEXP '[:punct:]' + id + '[:punct:]';
in above you can replace 'A-123456-14' with user input searchId
i have tried its work fine
SELECT
*
FROM
orders
WHERE
id = SUBSTRING_INDEX(
SUBSTRING_INDEX(searchId, '-', 2),
'-',- 1)
EDIT:
If you want to make everything dynamic then you can try this (You should post delimiter as a parameter also, if it is dynamic).
SELECT
*
FROM
orders
WHERE
id = SUBSTRING_INDEX(
SUBSTRING_INDEX(searchId, delimiter, 2),
delimiter, - 1)
Try this:
SELECT * FROM orders WHERE searchId LIKE CONCAT('%-', Id, '-%')
I would definitely remove the bits of the string you don't need using your programming language of choice (e.g. Java or PHP or whatever you are using), not in SQL. Then just use select * from orders where id = ? and set the parameter to be "%"+id+"%" in your programming language.
Programming languages are for programming, logic, parsing etc., SQL is for defining what you'd like to get from your data
Don't forget to use parameters like ? otherwise you could open yourself up to SQL injection.
Related
SELECT * FROM users WHERE REPLACE(username, '.', '_') = 'username_without_dots'
I read about $replaceAll but it is not helping.
In my query, first I am replacing existing record and then comparing, e.g there are usernames like
harry.potter
j.k rowling,
robert downy jr.
so what will happen is that DOTs(.) in these names will be replaced by UNDERSCORE( _ ) so the result will be:
harry_potter
j_k rowling,
robert downy jr_
after that comparing with searched string.
So lets say I am searching harry_potter
SELECT * FROM users WHERE REPLACE(username, '.', '_') = 'harry_potter'
Output will be:
harry.potter
Maybe try this:
db.users.find({$and:[{"username":/^[^.]*$/},{"username":"username_without_dots"} ] } )
MySQL column:
phone = '(999)-666-333'
String to search '999666333'
Is there a way I could search by transforming the value '(999)-666-333' within WHERE command?
I want to strip all non-digits and leave only digits.
something like:
select * from users where regex(phone, '[0-9]') = '999666333';
Something like this works in my case:
SELECT * FROM users WHERE REGEXP_REPLACE(phone, '[^0-9]', '') = '999666333';
I am using rails-4.2.1 and is trying to fetch data from two tables subjects and elective_subjects table in a single query. As rails 4 does not support UNION , I wrote a raw sql query. I want to search by name in both tables. My code is given below
query = "(SELECT id as id, name as name, reference as reference from subjects where name like '#{search}') UNION (SELECT id as id, name as name, null as reference from elective_subjects where name like '#{search}')"
#subjects = ActiveRecord::Base.connection.execute(query)
It is working but when I provide ' in my search the query breaks. So how can I make it a prepared statement. So that sql injection can be avoided
This question is super old and no cares anymore, but I think it is a valid question, so here's the answer:
query = "(SELECT id as id, name as name, reference as reference from subjects where name like $1)
UNION
(SELECT id as id, name as name, null as reference from elective_subjects where name like $1)"
binds = [ActiveRecord::Relation::QueryAttribute.new('name', search, ActiveRecord::Type::Text.new)]
result = ApplicationRecord.connection.exec_query(query, 'SQL', binds, prepare: true)
#subjects = result.rows
That's how you create and use a prepared statement in rails.
I have solved the issue by escaping the search string using following statement.
search = Mysql2::Client.escape(search)
I basically want to be able to take any non nested SQL string and convert it to the SQL to get the count all with the same regex.
It just has to be able to match anything between SELECT and FROM one time and replace with count(*) but I haven't allocated experience points to leveling up my regex yet.
i.e.
SELECT col1, col2 FROM my_table where..." to "SELECT count(*) FROM my_table where...
Or
SELECT * FROM my_table where..." to "SELECT count(*) FROM my_table where...
Why not just do
SELECT COUNT(*) from ( <insert original sql here> ) as X
For a regex, you could use a simple one demonstrated here.
Essentially we replace whatever is in between SELECT and FROM with COUNT(*). Details are at the link as well.
Note that this will assist you in your thinking but is no way tested in depth. Please run some tests on your own.
You could also use the link to generate code in Python, JavaScript etc.
Edit 1: the link was enclosed as a code snippet and so did not work. Removed the code meta tag.
I always believe regex should be used when you have no simpler or any option at all. In your case, you can do this with simple SQL logic instead of regex. You can pass the original query as-is to your MySQL procedure or whatever and do this:
set #inputQuery = 'SELECT col1, col2 FROM my_table where id = 1'; -- you will pass this
set #startIndex = locate('select', #inputQuery) + char_length(rtrim('select'));
set #endIndex = locate('where', #inputQuery);
set #subString = substring(#inputQuery, #startIndex, #endIndex - #startIndex);
set #finalQuery = replace(#inputQuery, #subString, ' count(*) ');
select #finalQuery;
Output:
SELECT count(*) where id = 1
In MySQL, you can use SQL_CALC_FOUND_ROWS and then FOUND_ROWS() with any query. So:
SELECT SQL_CALC_FOUND_ROWS . . .
FROM . . .
Then to get the number of rows:
SELECT FOUND_ROWS()
This is defined in the documentation.
I have a column with datatype varchar using MySQL database. Suppose the value from a web form that gets saved in this column is : 2/4/2013
My search query goes like:
SELECT * FROM tbl WHERE colValue LIKE %2/4/2013%
But, it is crashing. For any other string am getting correct results. But, is it the forward slash which makes it crash. How can this be fixed ?
Regards !
since you want to select for specific date, why not use =
SELECT * FROM tbl WHERE colValue = '2/4/2013'
but if the data type of the column is DATE or DATETIME, use proper formatting although mysql automatically converts it,
SELECT * FROM tbl WHERE colValue = '2013-02-04'
For Using like operator you could use DATEPART() function...
select * from tbl
where (DATEPART(yy, colValue) = 2013
AND DATEPART(mm, colValue) = 04
AND DATEPART(dd, colValue) = 02)
Like this you can do like in SQL
Use an escape character for the /. The mysql escape character is the \.