I'm using an Xml field in my Sql Server database table. I'm trying to search a word using the XQuery contains method but it seems to search only in case sensitive mode. The lower method isn't implemented on Sql Server XQuery implementation also.
¿Is there a simple solution to this problem?
If you're using SQL Server 2005, I'm afraid you're out of luck.
If you're using SQL Server 2008, you can use the upper-case function like this :
DECLARE #x xml = N'abcDEF!#4';
SELECT #x.value('fn:upper-case(/text()[1])', 'nvarchar(10)');
Here's a link on MSDN for the upper-case syntax and a couple search examples :
http://msdn.microsoft.com/en-us/library/cc645590.aspx
First link from google points to MSDN page:
contains Function (XQuery)
In order to get case-insensitive
comparisons, the upper-case or
lower-case functions can be used.
Related
Consider below query containing both Persian(a right to left language) and English(a left to right language):
SELECT 'نرم افزار SQL سرور'
the required result is this string :
سرور SQL نرم افزار
Is there any function or any other way to converting string from ltr to rtl??
It is required to add N before string literal: SELECT N'نرم افزار SQL سرور'. This is needed to correctly interpret contained Unicode characters. (Source)
Important: In some cases, please avoid using standard copy-paste in order to put SELECT into SSMS command window. This could affect the RTL/LTR order. Instead, try to open correctly composed file using File > Open.
And regarding your comment:
the result should be : سرور SQL نرم افزار`
I admit I understand RTL writing system only partially, but from what I can see, Persian words are put to the output exactly in order as you entered them (even if reading right to left). Could you show me based on Unicode Bidirectional Algorithm or similar standards document why the word order should be changed by SQL Server? Shouldn't be change you expect made by preprocessing on another place, sending expected string form SELECT N'سرور SQL نرم افزار'? I see no point why just SQL SELECT should perform the change. If it did, what would happen if you feed result of such a SELECT into another SELECT? Another transformation? I have reasons to think that SQL server is interpreting your input technically correctly.
Hint: maybe you can try to surround your RTL text by different Directional formatting characters.
Please try the same SELECT with MySQL server at SQL Fiddle. Different server and technology, but the same result as Microsoft SQL Server gave.
Result from SSMS with MS SQL Server:
Conclusion: in order to get expected result, please form the input accordingly.
Related: Transformation of word order you expected can be done by appropriate settings in user interface.
When we add digit with english this will again not work following solution will work
SELECT nchar(8234)+ N' 33-M ' + N'کلینک کمرہ نمبر' +nchar(8236) + N'میں تشریف لائیں'
The following statements return different SOUNDEX values in SQL Server 2012 while they produce the same value in SQL Server 2008:
PRINT SOUNDEX('BAKHSHI') --B200
PRINT SOUNDEX('Bakhshi') --B220
Has anyone else had this issue in SQL Server 2012 and knows how to get around it?
According to https://msdn.microsoft.com/en-us/library/bb510680.aspx:
SOUNDEX function implements the following rules: If upper-case H or
upper-case W separate two consonants that have the same number in the
SOUNDEX code, the consonant to the right is ignored If a set of
side-by-side consonants have same number in the SOUNDEX code, all of
them are excluded except the first. The additional rules may cause the
values computed by the SOUNDEX function to be different than the
values computed under earlier compatibility levels. After upgrading to
compatibility level 110, you may need to rebuild the indexes, heaps,
or CHECK constraints that use the SOUNDEX function. For more
information, see SOUNDEX (Transact-SQL)
So you might want to try following Microsoft's upgrade path advice. Also, SOUNDEX is collation sensitive - are your 2012 DB collations the same as your 2008 collations?
On searching msdn, I found a built-in function called HASHBYTES(). Not sure if that can be used to get a result that DBMS_UTILITY.get_hash_value() gives in oracle.I am using SQL Server 2008. Thanks in advance.
HASHBYTES is close, but uses presets for certain algorithms (e.g. SHA1 or MD5)
You can't choose the base or length like you can with DBMS_UTILITY.GET_HASH_VALUE()
You may have to roll your own to emulate it exactly but I'd see this as a backwards step...
Comparison in SQL built-in functions in Oracle and SQL Server on below given link
http://dotnet-bm.blogspot.in/2013/08/comparison-in-sql-built-in-functions-in.html
In postgresql database have one function btrim(string text [, characters text]).
For examples
btrim('xwxpostsqlwwx', 'wx')
In this function return value postsql.
Like this I need to do in SQL Server 2005. Is there any similar builtin function available in SQL Server?
REPLACE, SUBSTRING,CHARINDEX
http://msdn.microsoft.com/en-us/library/ms181984.aspx
I don't know of any exact equivalent, but you should be able to achieve the same results using SQLServer's Regular Expression functionality.
I believe there is no such a built-in function, but you can create your own if you like. You can find an example of a function doing exactly what you want here (at the bottom of the page).
The website i worked was recently attempted to be hacked by the following SQL injection script
boys' and 3=8 union
select 1,
concat(0x232425,ifnull(`table_name`,0x30),char(9),ifnull(`table_rows`,0x30), char(9),0x252423),
3,4,5,6,7,8,9
from `information_schema`.`tables`
where table_schema=0x62646B3032 limit 44,1 -- And '8'='8
This injection returned the mysql table name. This was reported by the error reporting system on that website and we managed to fix that part however I am not able to understand what does the above injection mean?
Anyone can explain this?
Penuel
They're using a select from the Information Schema views in mysql server :
http://dev.mysql.com/doc/refman/5.0/en/information-schema.html
They use some clever hacks to rout out simple sql injection prevention techniques.
According to this the MySQL concat()
Returns the string that results from
concatenating the arguments. May have
one or more arguments. If all
arguments are nonbinary strings, the
result is a nonbinary string. If the
arguments include any binary strings,
the result is a binary string. A
numeric argument is converted to its
equivalent binary string form
So 0x232425 is converted to #$% which is simply added to the begining and end of the table_name field. Maybe just to make it easier for them to pull out the Table names later using Regex.
Later on the char(9) is equivalent to a tab as you can see here and is just there to format the output nicer.
The 3,4,5,6,7,8,9 is just there so that the columns match the boys table that they are performing the Union on.
This injection returned the mysql table name.
Do you mean that your website displayed the table name when you gave it this input, or that the query returns that when run from the mysql client? If it showed on your website, then the attacker has the ability to inject much more harmful queries. Check your data.