I need to use a string query to make a DB search for a C# program that interacts with MySQL server. What I want to find is a name that is 'like' one of my other variables (nameVar)
I have the following query in a C# program
string q = "SELECT *
FROM TABLE
WHERE name is like %?nameVar%";
As soon as execute the query in my program I get a syntax error telling me that syntax near
'like' is incorrect. As soon as I remove the "%" sign, it works fine.
I am confused, is mandatory to remove the % sign while building a query string?
Your parameter is replacing the ?nameVar part, including quotes. If the param is "TEST", your query gets presented as
string q = "SELECT *
FROM TABLE
WHERE name is like %'TEST'%";
As you can see, the % signs are out of place. either include them from the C# program into namevar, or change the query to
string q = "SELECT *
FROM TABLE
WHERE name is like '%' + ?nameVar + '%'";
you need to quote the query:
string q = "SELECT * from table where name is like '%?nameVar%'";
Strings in SQL need to be enclosed in single quotes:
string q = "SELECT *
FROM TABLE
WHERE name LIKE '%?nameVar%' ";
Also, there's no IS operator when using LIKE.
I think the correct syntax is:
SELECT * FROM table WHERE fields LIKE '%phrase%'
I think you have to leave out 'is'.
MySQL Pattern Matching
Related
I tryed some wildcards in Access in Where statement, but they don't works. For example:
This query SELECT staff.* FROM staff;returns:
I tryed to do a query with wildcard SELECT staff.* FROM staff WHERE (staff.s_name LIKE "A%");
but it returns an empty table:
What is the reason? My wildcard doesn't work
(s_name is the second column)
(look that "firstname" is the tag of "s_name" only for the view)
Wildcard character in Access is *, not % unlike in SQL Server.
See MSDN for details.
No, no, no, use '*', not '%'. Or, use 'Like'.
http://www.techrepublic.com/article/10-tips-for-using-wildcard-characters-in-microsoft-access-criteria-expressions/
https://www.techonthenet.com/access/queries/like.php
https://www.techonthenet.com/access/queries/like2007.php
For instance:
Like 'm*'
Result: all values that start with m
Like 'm'
Result: all values that contain m
Like '*m'
Result: all values that end with m
When I examine the SQL query the Linq spits out, I noticed that it places a ESCAPE N'~' when doing a LIKE command. How do I get rid of this? It seems like the query takes twice as long with the ESCAPE is in the SQL.
Here is the LINQ
var SearchPhrase = "xyz";
var result = (from i in db.myTable
where i.col1.contains(SearchPhrase)
select i).toList();
When I look at the actual SQL it looks something like this:
SELECT
[Extent1].Col1
FROM myTable As [Extent1]
WHERE [Extent1].Col1 LIKE #p__linq__3 ESCAPE N'~'
Apparently,
var SearchPhrase = "xyz";
var result = (from I in db.myTabl
where i.col1.contains(SearchPhrase)
select I).toList();
will add ESCAPE N'~' in the underlying query.
However using a constant filter like the following, doesn't produce escape characters in the underlying query
var result = (from I in db.myTabl
where i.col1.contains("xyz")
select I).toList();
Which means, variable filters are escaped, while constants are not.
So, in this case, we need a variable to be used as a constant filter.
Using the following, shouldn't add any escape characters:
var SearchPhrase = "xyz";
var result = (from I in db.myTabl
where SqlMethods.Like(i.col1, string.Format("%{0}%", SearchPhrase))
select I).toList();
but this works only with LINQ to SQL.
The other alternative is to embed the variable value as a constant, which is done using the following as explained in the SO article
Linq to Sql use '`' as it's default escape character when doing like comparisons. It will only cause a problem if your string actually contains ~ characters.
Use SqlMethods.Like to override this.
If you use LINQ 2 Entities, use SqlQuery to remove the "~" character.
Just append the value to compare like an ordinary sql query.
For example:
var resultList = context.TableName.SqlQuery(
"SELECT * FROM TableName WHERE field LIKE '%" + fieldValue+ "%' ").ToList();
When querying a string column, if the search parameter has a " ' " in it, the execution fails due to a syntax error. I tried to use an escape sequence character (if thats how its called), but it still does not work.
SELECT * FROM OpusOne.Accounts WHERE firstName like '%jose\'%'
What would be the correct way to add a quote " ' " to a string parameter ?
Thank you
Try this:-
SELECT * FROM OpusOne.Accounts WHERE firstName like '%jose''%'
Escape using another single quote.
How to write a regular expression to match a string if at least 3 characters from the start are matching?
Here is how my SQL query looks right now -
SELECT * FROM tableName WHERE columnName REGEXP "^[a-zA-Z]{3}someString";
You cannot use CONCAT or alike with REGEX, it will fail. Easiest way to do it, is:
$query = 'SELECT * FROM Test WHERE colb REGEXP "^'.substr($mystring,0,3).'"');
Another is:
SELECT * FROM Test WHERE LEFT(colb, 3) LIKE "{$mystring}%"
Please use jQuery and jqSQL plugin. Note that symbol $ must be escaped in SQL query with this plugin.
I am creating an Ajax autocomplete application and would like know if there is an SQL query I can use for this purpose - e.g if someone types "p" I would like to retrieve all words beginning with "p", if they add "e" retrieve all words starting with "pe" - and continue like that.
Someone suggested the query below but I don't think it's what I'm looking for:
$query = "SELECT* FROM nametable WHERE names LIKE '$partialstring' ";
$query = "SELECT* FROM nametable WHERE names LIKE '$partialstring%' ";
I've added % only on the right side since you would like to have only the words that are beginning with the input letters.
However, please don't use this query until you've filtered it against SQL injections.
This should work:
$query = "SELECT * FROM nametable WHERE names LIKE '$partialstring%'"
The %is the wildcard character in SQL.
Edit: And yes, please sanitize that input.
Apart from regular special chars, you have to escape those with a special meaning in LIKE clauses.
I haven't fully tested the code but it should be something like this, assuming you are using PHP and the good old mysql extension (you don't mention):
$escape = '|';
$like = strtr(
mysql_real_escape_string($partialstring),
array(
'%' => $escape . '%',
'_' => $escape . '_',
$escape => $escape . $escape,
)
);
$query = "SELECT names FROM nametable WHERE names LIKE '$like%' ESCAPE '$escape' ORDER BY names LIMIT 10";
Also, don't forget to create an index on the names column.
Assuming you are sanitising that input, it should be something like:
$query = "SELECT* FROM nametable WHERE names LIKE '$partialstring%' ";
You can run a query like what Henning and others have written. And, yes, please sanitize the input to prevent injection attacks. I have also found this method to be rather slow when there are a lot of records. If you wish to match 'Bush' in the word 'GeorgeWBushSenior' ,the above said method wont work. In which case you have to use the query
select name from nametable where name like '%match%';
Try looking at the mysql full text query method. Its extremely handy in some cases.