New users ask about fuzzy query to prevent SQL injection. // create a table model $news_table = new news(); // create an adapter $db = $news_table->getAdapter(); // prepare the SQL statement $SQL = $db->quoteInto("beginner's advice on how to prevent SQL
SQL Server uses fuzzy query to process special characters.
Today, when I was dealing with SQL queries, I ran into a problem with a LIKE query, so I analyzed it.
Problem:
Select * from v_workflow_rt_task_circulate where Name like '% [admin] application for leave of absence [to] %'
The data cannot be queried, but it exists in the database.
After modific
SQL injection is something everyone is familiar with; it is a common attack method. An attacker can enter an unexpected SQL fragment (such as "or '1'='1'") in a form field or URL of the interface, potentially compromising an application with insufficient parameter checks. Therefore, we need to do some work in our application to guard against suc
SQL fuzzy query statement: For SQL fuzzy queries using the LIKE comparison keyword plus the wildcard characters in SQL, refer to the following:
1. LIKE 'Mc%' will search for all strings that begin with the letters Mc (such as McBadden).
2. LIKE '%inger' will search for
In project development, we often encounter requirements for fuzzy queries with multiple conditions. There are two common solutions: one is to concatenate the SQL string on the program side, constructing the SQL string based on whether each condition is selected, and use the dynamic SQL statement in
New users ask how to prevent SQL injection. // create a table model $news_table = new news(); // create an adapter $db = $news_table->getAdapter(); // prepare the SQL statement $SQL = $db->quoteInto("select title, pubDate from new beginner's advice on how to prevent SQL injection through
SQL Fuzzy Query
In database queries, there are exact queries and fuzzy queries. A general fuzzy query statement is as follows:
SELECT field FROM table WHERE a field LIKE condition
With regard to the condition, SQL provides four matching modes: 1. %: represents any 0 or more ch
In real development, the same keyword often needs a fuzzy query across multiple fields. For example, a keyword entered against a user table may need to be matched against the user name, full name and contact phone fields. If written as: where UserName like '%keyword%' or fullName like '%keyword%' or mobile like '%keyword%', performance will be very low; with hundreds of thousands of rows it may be
For more information about SQL fuzzy queries, see the following:
1. LIKE 'Mc%' searches for all strings starting with Mc (for example, McBadden).
2. LIKE '%inger' searches for all strings ending with the letters inger (such as Ringer and Stringer).
3. LIKE '%en%' searches for all strings containing the letters en at any position (such as Bennet, Green, and McBadden).
4. LIKE '_heryl' searches for names (such as
Wangfeng" Auxiliary sorting using CASE:
SELECT * FROM T_user f WHERE f.name LIKE '%Wang Feng%' ORDER BY (CASE WHEN f.name = 'Wang Feng' THEN 1 WHEN f.name LIKE 'Wang Feng%' THEN 2 WHEN f.name LIKE '%Wang Feng' THEN 3 WHEN f.name LIKE '%Wang Feng%' THEN 4 ELSE 0 END) LIMIT 0,50;
The query results are: This is equivalent to adding a virtual column to assist in sorting; first match full equality (=), and then follow the rules
Fuzzy query:
Reference: http://www.w3school.com.cn/sql/sql_wildcards.asp
You can use SQL wildcard characters when searching for data in a database.
SQL wildcards
A SQL wildcard can substitute for one or more characters when searching for data in a database.
SQL wildcard characters must be used with the LIKE operator.
In
Iamlaosong: When a SQL query statement uses % for a fuzzy query, the program generally asks the user to enter some information and runs the fuzzy query based on it. For example, if the user enters 340104, the following statement queries all of yesterday's message information whose customer code begins with 340104:
SELECT * FROM tb_evt_mail_clct t WHERE t.clct_date = trunc(sysdate-1) AND t.sender_cust_code LIKE ' 340,1
In database queries, there are exact queries and fuzzy queries. A general fuzzy query statement is as follows:
SELECT field FROM table WHERE a field LIKE condition
With regard to the condition, SQL provides four matching modes: 1. %: represents any 0 or more characters. Can match
Fuzzy query:
where MC like 'value': returns the same result as where MC = 'value'
where MC like '%value': matches all data whose name is "*value" (ends with "value"); * denotes any value of any length;
where MC like '%value%': returns all data that contains "value".
where MC like 'value1_value2': returns all data of the form "value1*value2"; * represents any single character.
where MC like 'value[AB]value': returns all data equal
The first is the fuzzy query problem. I started with the following condition: select * from user where name like '%#value#%'. But it would not work no matter what, and it also seemed to report an error. Later I found a solution on the internet, which is to use $ in place of #. 1> Writing like '%$value$%' works. 2> I also found another method, but I tried it for a long time and it did not work; the method is: like '%' || #value# || '%', the query came out of the re
options parameter
-- sstr and ssub are Chinese character strings; find ssub inside sstr according to similar-pronunciation rules
-- options: Big5: 0: General option, 1: Do not differentiate en Ch Sh with z C S, 2: Arbitrary order, 3: including 1 and 2 (GBK)
-- GBK: 8: General option, 9: Do not differentiate en Ch Sh with z C S, 10: arbitrary order, 11: including 1 and 2 (GBK)
CREATE FUNCTION fn_cnlike (@sstr VARCHAR(8000), @ssub VARCHAR(8000), @options SMALLINT)
RETURNS SMALLINT AS
BEG
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[F_sql]') and xtype in (N'FN', N'IF', N'TF'))
drop function [dbo].[F_sql]
GO
if exists (select * from dbo.sysobjects where id = object_id(N'[ordinal tables]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [ordinal tables]
GO
-- For efficiency, an auxiliary table is needed for matching
select top 1000 id = identity(int,1,1) into [ordinal tables]
from syscolumns a, syscol