This question already has answers here:
SQL Server LIKE containing bracket characters
(3 answers)
Closed 10 months ago.
I am trying to select certain stored procedures within my database.
What I want is all stored procedures that start with Get_ but I cannot get proper results. It seems to ignore the _ for some reason. Running SQL Server 2019 developer version.
Here is my code:
select *
from information_schema.routines
where routine_type = 'PROCEDURE' and specific_name like 'Get_%'
The underscore _ character is a wildcard in SQL Server t-sql. Use LIKE 'Get[_]%' to explictly match an actual underscore in the string.
From the documentation - "[ ] (Wildcard - Character(s) to Match)":
Matches any single character within the specified range or set that is
specified between brackets [ ]. These wildcard characters can be used
in string comparisons that involve pattern matching, such as LIKE and
PATINDEX.
Related
This question already has answers here:
Cannot simply use PostgreSQL table name ("relation does not exist")
(18 answers)
I keep getting the error "relation [TABLE] does not exist"
(1 answer)
PostgreSQL "Column does not exist" but it actually does
(6 answers)
Omitting the double quote to do query on PostgreSQL
(5 answers)
Closed 2 years ago.
In Postgres, when I run any query using only the table name, I receive the error below:
ERROR: relation "transactions" does not exist
LINE 2: SELECT * FROM TRANSACTIONS
^
SQL state: 42P01
Character: 16
To get around that I need to use "schema.table" format - which makes the queries very long and clunky.
SELECT * FROM public."TRANSACTIONS"
I only have 1 schema - public. I have already tried to set the search_path to public but it doesn't help. Any suggestion?
You can set search path:
SET search_path TO public;
If it doesn't work check what is your search path after setting by:
SHOW search_path;
See documentation: https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATH
Also note that double quoting object names in PostgreSQL matters. Maybe your search_path is correct but table was created as double quoted "TRANSACTIONS". PostgreSQL converts only unquoted names to lowercase (in all statements), so if you type SELECT FROM TRANSACTIONS it will become SELECT FROM transactions which will correctly yield error that transactions relation doesn't exist (only TRANSACTIONS does). You can check your table name as seen by PostgreSQL by running \dt - display tables (that will also prove your search_path is set correctly).
TLDR; you don't want to double quote anything unless you have good reason for that.
See documentation on quoting here: https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS
Looks like you are having trouble with double quoting identifiers ("), which should be avoided if at all possible. If an identifier is double quoted it MUST ALWAYS be double quoted. Thus the the following statements are not the same: Select * from TRANSACTIONS; and Select * from "TRANSACTIONS";
Since public."TRANSACTIONS" works for you try double quoting without the schema:
select * from "TRANSACTIONS";
If that works then make sure to always double quote. Or better, before too far into it, rename it eliminating double quotes.
This question already has answers here:
How to escape ampersand in TOAD?
(3 answers)
Closed 3 years ago.
I've seen a bunch of related posts, but none yet that resolve my specific question.
In Oracle SQL I need to do something like this:
SELECT field1 "Eggs&Cheese"
FROM table1;
But it reads the &Cheese and wants to do parameter substitution. I just want the field name to be Eggs&Cheese
I saw this post Escape ampersand with SQL Server, but Oracle does not like the bracket [] syntax.
And also Escaping ampersand character in SQL string, but that is escaping the ampersand in a value string, not a label string.
The substitution is related to tool you are using and has nothing to do with column alias.
db<>fiddle demo
Depending on the tool you could disable it like "set define off".
Related: Set define off not working in Oracle SQL Developer & How to escape ampersand in TOAD?
You have to set the escape. Works in Oracle SQL Developer.
set escape \
SELECT field1 "Eggs\&Cheese" FROM table1;
After your work is done you can set it off.
set escape off
This question already has answers here:
What does N' stands for in a SQL script ? (the one used before characters in insert script)
(7 answers)
Closed 5 years ago.
What does it mean N'some string' in SQL Server. I mean if I can use it to prevent against SQL Injection?
For example:
... LIKE N'%somePattern%'
Is SQL Injection safe ?
The N has nothing to with SQL injection. You need to use it when you use unicode data
From msdn:
Prefix Unicode character string constants with the letter N. Without
the N prefix, the string is converted to the default code page of the
database. This default code page may not recognize certain characters.
It means the string is an nchar as opposed to a char (see What is the difference between char, nchar, varchar, and nvarchar in SQL Server?)
It's purely about the datatype - nothing to do with SQL injection at all.
This question already has answers here:
How can sanitation that escapes single quotes be defeated by SQL injection in SQL Server?
(6 answers)
Closed 3 years ago.
Hello I am going through some SQL injection examples and I have the following scenario:
In this example, aware of the risk of SQL injection, the developer decided to block single quotes ' by removing any single quote ' in the query. However, there is still a way to break out of the SQL syntax and inject arbitrary SQL.
To do so, you need to think of the query:
SELECT * FROM users WHERE username='[username]' and password='[password]'
The problem here is that you cannot, in theory, break out of the single quotes ' since you cannot inject any quote. However, if you inject a back-slash \, the second ' in the query (the one supposed to finish the string [username] will be escaped and will be closed by the third one (the one supposed to start the string [password].
Doesn't this mean that if I input a "\" on the username field it will automatically break the query? and look something like
SELECT * FROM users WHERE username='[username] and password=' ..
Am I missing something ? Should I provide the backslash in another way?
Ok I have found the answer:
The username should be : \
and password : or 1#
Then the query will look something like this
SELECT * FROM users WHERE username = '\' AND password=' or 1#
This question already has answers here:
Check if string is SQL Server Reserved Keywords or not
(3 answers)
Closed 8 years ago.
How to check whether the given string is a reserved keyword in sql server.
I checked a lot in google ,but i didn't find one!!
for eg: If i am giving the input String as 'Order',sql statement should
return whether it is reserved keyword.
Is there any built-in stored procedures or function to do this? Any help would be appreciated.
There is no built-in function to do that.
Here is the list of the known identifiers.
http://technet.microsoft.com/en-us/library/ms189822.aspx
I suggest to put these in an table and use it in a function / stored procedure.