This question already has answers here:
Perform regex (replace) in an SQL query
(5 answers)
Closed 5 years ago.
I am in need of some help. Thanks to fellow user davids, I was able to get certain things working within SQL Server and am in need of some more help. Here is what I am trying to do:
UPDATE Table1 SET keyfield=(REPLACE(REPLACE(Column1,'http://*/folder/',''),'.avi',''))
UPDATE Table2 SET keyfield=(REPLACE(REPLACE(Column2,'http://server2/folder/',''),'.mpg',''))
Can anyone help me out or point me in the right direction to get the wildcard to work? In this particular column, the * is an IP address, and it will change all the time. Granted, I will know the IPs ahead of time and can probably do it one by one, but I would prefer to have it replaced automatically. Thanks in advance!
You should look into regular expressions.
My Google karma found this article in MSDN Magazine.
Edit:
See also:
Perform regex (replace) in an SQL query
This question already has answers here:
Regular Expressions in MS Access VBA?
(2 answers)
Closed 4 years ago.
This is my first post, please be nice.
I want to know if it is possible to run something similar to an Oracle regexp_match/regexp_replace in MS Access 2010.
The code I usually use is something like
select * from table
where regexp_match(name, '^foo$')
How do I do this in Access?
Yes, I have tried a Google search; unfortunately, I was unsuccessful.
Do I have to use VBA for it, if so how?
Thank you, much appreciated
MS Access does not have built-in regular expression support.
However, this query:
select t.*
from table t
where regexp_match(t.name, '^foo$')
Is better written as:
select t.*
from table t
where t.name = 'foo';
Equality is more efficient in any database.
This question already has answers here:
How can prepared statements protect from SQL injection attacks?
(10 answers)
Closed 8 years ago.
I heard that separated SQL clause and args can protect against SQL injection. For example,
clause = SELECT * WHERE ID = ? AND NAME = ?
with ID = 23, and NAME = "Tom".
Can someone explain to me how it works?
Basically, you're making the distinction between data and the actual code (query part) very clear. You're telling the SQL server: this is clearly data and this is clearly code.
This way, you're basically skipping the part where the server has to pull apart the code and data from your query so there's no chance the server can misinterpret bits of data as part of your query.
Edit: as per the link in the comments, this answer pretty much answers your question much better than I've explained here.
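The separation described in this answer, shown side by side with string concatenation. This is an added example, not code from the original posts; it uses Python's built-in sqlite3 module, and the table name `people`, the sample rows and the hostile input are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; the table name "people" is an assumption,
    # since the clause on the page names no table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO people VALUES (?, ?)",
                   [(23, "Tom"), (24, "Ann"), (25, "Bob")])
    return db


def lookup_concatenated(db, person_id, name):
    # Values are pasted into the SQL text, so the parser treats any quote
    # characters inside them as SQL syntax.
    sql = ("SELECT id, name FROM people "
           f"WHERE id = {person_id} AND name = '{name}'")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, person_id, name):
    # The statement text is fixed. The values are handed over separately and
    # bound to the ? slots, so they are only ever compared as data.
    sql = "SELECT id, name FROM people WHERE id = ? AND name = ?"
    return db.execute(sql, (person_id, name)).fetchall()


HOSTILE_NAME = "x' OR '1'='1"   # constructed input containing quote characters

if __name__ == "__main__":
    db = make_db()
    print(lookup_parameterized(db, 23, "Tom"))          # the intended lookup
    print(lookup_concatenated(db, 23, HOSTILE_NAME))    # WHERE clause rewritten
    print(lookup_parameterized(db, 23, HOSTILE_NAME))   # compared as a literal name
```

With the concatenated form the hostile name turns the condition into `(id = 23 AND name = 'x') OR '1'='1'`, which matches every row; the parameterized form looks for a person whose name is literally that string and finds none.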
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
What does the colon sign “:” do in a SQL query?
Simple SQL question:
What does : stand for?
For example:
SELECT * FROM myTable
WHERE Employee_column = :P_EmplId;
The : isn't exactly easy to google when you don't know what this is called. Even searching here didn't help. I'm using Oracle 11g if that makes any difference.
It is a bind variable:
A placeholder in a SQL statement that must be replaced with a valid value or value address for the statement to execute successfully. By using bind variables, you can write a SQL statement that accepts inputs or parameters at run time. The following example shows a query that uses v_empid as a bind variable:
Most likely you took the query from a template. It is meant to be processed with PHP's MDB2 SQL framework. The ":" (colon) signals a placeholder in the statement, meant to be replaced when the query is executed.
This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
Site has been hacked via SQL Injection
Looks like one of my websites had a hacker attempt on it, my reports showed the following querystring data attempted:
QUERY_STRING = ID=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-
It failed because any integer parameter I always cast to an integer so you get mismatch errors if anything like this is tried (classic ASP). But I'm confused what the query above is attempting? It doesn't look like anything I've seen before.
Take a look at:
Site has been hacked via SQL Injection
At first look, I guess it was some automatic tool doing some blind SQL injection.
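For triage of a log entry like the one in the question, the following added example (not part of the original posts) URL-decodes the parameter, decodes the hex literals and counts the injected SELECT columns, then shows a strict integer parse of the kind the asker relies on. The sample string is a shortened, constructed form of the logged one (three columns instead of the full list), and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs

MARKER = "0x31303235343830303536"   # hex literal copied from the logged request
# Constructed, shortened form of the logged query string (3 columns only).
SAMPLE_QS = "ID=-999.9%20UNION%20ALL%20SELECT%20" + ",".join([MARKER] * 3) + "-"

HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.IGNORECASE)


def triage(query_string, param="ID"):
    """Decode one logged parameter and summarise what it contains."""
    value = parse_qs(query_string, keep_blank_values=True).get(param, [""])[0]
    literals = HEX_LITERAL.findall(value)
    decoded = sorted({bytes.fromhex(h).decode("ascii", "replace")
                      for h in literals})
    return {
        "value": value,                               # after URL decoding
        "union_select": bool(UNION_SELECT.search(value)),
        "select_columns": len(literals),              # one hex literal per column
        "decoded_literals": decoded,                  # distinct values only
    }


def parse_int_param(raw):
    """Accept only an optional sign followed by ASCII digits."""
    if not re.fullmatch(r"-?[0-9]+", raw):
        raise ValueError(f"not an integer: {raw!r}")
    return int(raw)


if __name__ == "__main__":
    report = triage(SAMPLE_QS)
    print(report)
    try:
        parse_int_param(report["value"])
    except ValueError as exc:
        print("rejected:", exc)
```

Every hex literal in the request decodes to the same ASCII digit string, so the injected SELECT carries one repeated constant per column; the strict parse rejects the value before it reaches any query.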
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
When should I use semicolons in SQL Server?
When we are writing a SQL script in T-SQL, should we end each statement with a semi-colon? Does semi-colon work like 'GO' keyword? As of now, I see that it doesn't really matter, but I would like to know which is the best practice?
It's good to get into the habit now because CTE/WITH and MERGE need it, as well as some Service Broker stuff as mentioned in the other question. Of course, you could use ;WITH cTE AS ...
C# etc monkeys have been doing it for years.
It won't work with GO because it isn't a keyword. It's a directive for SSMS and other tools to break a larger script into batches.