In a vendor's database that the company I work for, they have some expressions that I don't think I have ever seen:
FROM CO_ITEM_MASTER WHERE smartpart_num = '%'
I have seen = '%Text%'
and I know what that means, but if there is no text along with the '%' what does that mean?
I also have the following:
AND (lower(CO_ITEM_MASTER.ITEM_NUM) like lower('%%%')
What does the '%%%' mean when there is no text between the '' characters?
% means
Match Any string of zero or more characters.
Because a zero length string matches this can be repeated as many times as desired without affecting the semantics and will return any row where ITEM_NUM is not NULL.
It is of course pointless to use more than one, perhaps this is code generated by code rather than a human.
Related
I was practicing SQL injection skill, and I found that I could put = and LIKE in a single statement.
However, I'm not sure what does this mean and why it works?
SELECT 1 FROM users WHERE name='' LIKE '%'
So, what does that mean when I put = and LIKE in a statement, and when would I write something like this?
I am guessing that you are using MySQL, because this is syntactically correct in MySQL. It treats boolean types as numbers (which will be converted to integers and strings).
So, your code should be parsed as:
WHERE (name = '') LIKE '%'
This is because = and LIKE have the same precedence, and when operators have the same precedence, they are evaluated left-to-right (as explained in the documentation).
This, in turn evaluates to one of these three possibilities:
WHERE 1 LIKE '%' -- when name = ''
WHERE 0 LIKE '%' -- otherwise when name is not null
WHERE NULL like '%'
The first two will always evaluate to true. The third would discard any row where name is null.
(in MySQL and other popular DBMS) The LIKE operator is used to search for a specified pattern in a column. It admits "%" as a wildcard that represents zero, one, or multiple characters.
Your query always passes because the string '' meets this wildcard (zero characters). Incidentally, almost anything will. Some DBMS will react differently to such a query though.
I have a column that has values that look like the following:
17_data...
18_data...
1801151...data
The data isn't the cleanest in this columns, so I am trying to use a LEFT function to identify the rows that have the 2017 year followed by an underscore LEFT(column, 3) = '17[_]' This doesn't return a single column. So to troubleshoot, I added this WHERE clause to the SELECT statement to see what was getting returned, and I got the value 175 where the actual first three characters are "17_".
Why is this, and how can I structure my WHERE clause to pick up those rows?
When you tried adding 'where' with a rule of LEFT(column, 3) = '17[_]', it was doomed to fail. Operator '=' performs exact comparison: both sides must be equal. That is, it would look for rows whose first 3 characters (left,3) are equal to 17[_], that is, 5 characters, one, seven, bracket, underscore, bracket. Text of 3 characters will not exactly-match 5 characters, ever.
You should have written simply:
WHERE LEFT(column, 3) = '17_'
I guess that you've got the idea for adding a bracket from reading about LIKE patterns. LIKE operator allows you to look for strings contained at start/end/middle of the data.
WHERE column LIKE 'mom%' - starts with mom
WHERE column LIKE '%dad' - ends with dad
and so on. LIKE supports '%' meaning "and then text of any length", and also "_" meaning "and then just one character". This forms a problem: when you want to say "starts with _mom", you cannot write
WHERE column LIKE '_mom%'
because it would also match 9mom, Bmom, and so on, due to _ meaning 'any single character'. That's why in such cases, only in LIKE, you have to write the underscore in brackets:
WHERE column LIKE '[_]mom%' - starts with _mom
Knowing that, it's obvious that you could construct your 'starts with 17_' with LIKE as well:
SELECT column1, column2, ..., columnN
FROM sometable
WHERE column LIKE '17[_]%'
I need a like expression that will match a character whether or not it exists. It needs to match the following values:
..."value": "123456"...
..."value": "123456"...
"...value":"123456"...
This like statement will almost work: LIKE '%value":%"123456"%'
But there are values like this one that would also match, but I don't want returned:
..."value":"99999", "other":"123456"...
A regex expression to do what I'm looking to do is 'value": *?"123456"'. I need to do this in SQL Server 2008 and I don't believe there is good regex support in that version. How can I match using a like statement?
Remove the whitespace in your compare with REPLACE():
WHERE REPLACE(column,' ','') LIKE '%"value":"123456"%'
May need a double replace for tabs:
REPLACE(REPLACE(column,' ',''),' ','')
I don't think you can with the like operator. You could exclude ones you could match, like if you want to make sure it just doesn't contain other:
[field] LIKE '%value":%"123456"%` AND [field] NOT LIKE '%"other"%'
Otherwise I think you'd have to do some processing on the string. You could write a UDF to take the string and parse it to find the value for 'value' and compare based on that:
dbo.fn_GetValue([field], 'value') = '123456'
The function could find the index of '"' + #name + '"', find the next index of a quote, and the one after that, then get the string between those two quotes and return it.
I've got the following code:
SELECT ItemName
FROM skuDetails
WHERE skuDetails.SkuNumber = '" & search & "'
OR
skuDetails.ItemName = '%' + #search + '%'"
Basically I've got a database of items and each item has a "SKU number" which is a unique number for each item. In VB.NET I have a form where you type in either the SKU number or the name of the item into a text box and then press enter to search the database for that number or a similar name to the one you searched.
The "search" variable in the code above is the text in the textbox which the user searches.
The first WHERE statement works but the second after the OR doesn't. I expect it's something to do with how I've used the wildcard. Is there anything wrong with that statement?
Thanks in advance!
You should use LIKE rather than equals operator in order to use pattern matching:
OR skuDetails.ItemName LIKE '%' ...
MSDN: Pattern Matching in Search Conditions
The LIKE keyword searches for character string, date, or time values
that match a specified pattern. For more information, see Data Types
(Transact-SQL). The LIKE keyword uses a regular expression to contain
the pattern that the values are matched against. The pattern contains
the character string to search for, which can contain any combination
of four wildcards
To use a wildcard, you have to say LIKE '%' + #search + '%'
Be careful though, you are opening yourself up to SQL Injection attacks with this kind of code.
I have a table with a field that denotes whether the data in that row is valid or not. This field contains a string of undetermined length. I need a query that will only pull out rows where all the characters in this field are N. Some possible examples of this field.
NNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNN
NNNNNEEEENNNNNNNNNNNN
NNNNNOOOOOEEEENNNNNNNNNNNN
Any suggestions on a postcard please.
Many thanks
This should do the trick:
SELECT Field
FROM YourTable
WHERE Field NOT LIKE '%[^N]%' AND Field <> ''
What it's doing is a wildcard search, broken down:
The LIKE will find records where the field contains characters other than N in the field. So, we apply a NOT to that as we're only interested in records that do not contain characters other than N. Plus a condition to filter out blank values.
SELECT *
FROM mytable
WHERE field NOT LIKE '%[^N]%'
I don't know which SQL dialect you are using. For example Oracle has several functions you may use. With oracle you could use condition like :
WHERE LTRIM(field, 'N') = ''
The idea is to trim out all N's and see if the result is empty string. If you don't have LTRIM, check if you have some kind of TRANSLATE or REPLACE function to do the same thing.
Another way to do it could be to pick length of your field and then construct comparator value by padding empty string with N. Perhaps something like:
WHERE field = RPAD('', field, 'N)
Oracle pads that empty string with N's and picks number of pad characters from length of the second argument. Perhaps this works too:
WHERE field = RPAD('', LENGTH(field), 'N)
I haven't tested those, but hopefully that give you some ideas how to solve your problem. I guess that many of these solutions have bad performance if you have lot of rows and you don't have other WHERE conditions to select proper index.