I'm getting the error: Incorrect syntax near the keyword 'AS'.
I'm trying to select a column from my MSSQL database while NOT SELECTING the first character of that field.
Below is the code (Within PHP):
$sql = "SELECT RIGHT(Column, LEN(Column) - 1) FROM Table WHERE [Column] ='".$search."' AS Column2";
First of all. Please be careful. Your code looks vulnerable to an SQL injection. Better use paramterized queries.
The second "AS" at the end is not needed.
Try it that way:
SELECT RIGHT(Revlv, LEN(Revlv) - 1) AS Revlv2 FROM table_name WHERE [Objkt] ='".$search."'
Or better yet:
SELECT RIGHT(Revlv, LEN(Revlv) - 1) AS column_name FROM table_name WHERE [Objkt] = ?
Read more about parameterized queries here
Also take care when the Revlv column only contains an empty string. The query will fail in that case.
try this:
$sql = "SELECT RIGHT(Column, LEN(Column) - 1) AS Column2 FROM Table WHERE [Column] ='".$search."' ";
As all answers simply fix the syntax instead of fixing the logic:
There's no need to use RIGHT + LEN to extract everything but the first character, simply use
substring(Revlv from 2) AS Revlv2 -- Standard SQL to extract everything after the first character
As SQL Server has a slighty different syntax:
substring(Revlv, 2, 8000) AS Revlv2 -- T-SQL to extract everything after the first character
You need to put AS after the SELECT part of your query never put it at the end of your query. Try to do it like this
$sql = "SELECT RIGHT(Column, LEN(Column) - 1) AS Column2 FROM Table WHERE [Column] ='".$search."' ";
SOURCE
try this.
$sql="SELECT RIGHT(Revlv, LEN(Revlv)-1) AS Revlv2
FROM tablename where['objkt']='$search'";
Related
I try to make SQL to search some string in database.
In this spesification, The SQL must be dont display one string in database.
my sql like this :
$query = "SELECT * FROM `chatuser` WHERE CONCAT( `fullname`,`image`) LIKE '%".$search_string."%' NOT (`$string is not be displayed`) " ;
is that possible ?
Thanks for help
The correct syntax of LIKE and NOT LIKE as two conditions would be:
SELECT * FROM chatuser
WHERE CONCAT(CustomerName,ContactName) LIKE '%t%'
AND CONCAT(CustomerName,ContactName) NOT LIKE '%m%';
You miss AND Between conditions. Also you have to repeat CONCAT(CustomerName,ContactName).
In the example above we are looking for all CustomerName+ContactName with a t in any place but if it doesn't have an m in any place.
From the docs found at https://www.w3resource.com/mysql/comparision-functions-and-operators/not-like.php
Example: MySQL NOT LIKE operator with (%) percent
The following MySQL statement excludes those rows from the table author, having the 1st character of aut_name ‘W’.
Code:
SELECT aut_name, country
FROM author
WHERE aut_name NOT LIKE 'W%';
And so it seems would work in your situation.
I'm trying to write a mysql query that will match names from a table and the name in the database can contain dots or no dots. So, for example I would like my query string fast to match all of these: fast, f.ast, f.a.s.t etc.
I use PHP, with PDO connecting to a .MDB database.
I tried what I found here, with no success (I get error):
SELECT * FROM table WHERE replace(col_name, '.', '') LIKE "%fast%"
I think PDO for MDB databases is missing some functions :(
Any solution?
Thanks to Doug, I solved with:
$variable = implode("[.]", str_split($variable)) . "[.]";
and:
SELECT * FROM table
WHERE
col_name LIKE "%" . $variable ."%";
You cannot run the replace() function unless you are running the query through Access itself. You do however have a possible alternative, try the following:
SELECT * FROM table
WHERE
col_name LIKE "%fast%"
OR col_name LIKE "%f[.]a[.]s[.]t%";
The square brackets define an optional .
Or alternatively do it at PHP level with:
str_replace('.','',$var);
I don't know PHP at all, so I am struggling through this. I need to add an or section to a MySQL query, but the values I'm searching have double quotes. I need to figure out how to add them in PHP so they are passed in to MySQL. The current query looks like:
$query = 'SELECT * FROM ' .$tableName.' WHERE allowed_countries LIKE "%'.$regionId.'%" and skurules REGEXP "i:'.$secondlastdigit.';" and status = 1 ORDER BY id DESC LIMIT 1';
But I need to add an or statement to search for string values that looks like:
$query = 'SELECT * FROM ' .$tableName.' WHERE allowed_countries LIKE "%'.$regionId.'%" and skurules REGEXP "i:'.$secondlastdigit.';" or skurules REGEXP "s:1:'.$secondlastdigit.';" and status = 1 ORDER BY id DESC LIMIT 1';
with double quotes surrounding the second instance of '.$secondlastdigit.'; when passed into MySQL.
My JSON string I'm searching looks like this:
a:12:{i:1;s:2:"15";i:2;s:2:"10";i:3;s:2:"30";i:4;s:2:"50";i:5;s:3:"120";i:6;s:3:"240";i:7;s:3:"480";i:8;s:3:"960";i:9;s:4:"3786";s:1:"A";s:3:"100";s:1:"C";s:2:"60";s:1:"B";s:5:"18930";}
First of all: DON'T.
If you still want to, then...REALLY DO NOT.
Making SQL queries on serialized arrays is just hell. You should try to avoid it at all costs.
Either:
Convert the serialized column into a standard SQL table
or select the column into a PHP variable, unserialize it and search through it.
Example:
$properPhpArray = unserialize($sqlResult['column_name']);
Agreed, searching serialized string is not the best solution and what the developer did despite having a bottle_size table available. I needed a quick fix and no time/skill to rewrite a tax calculation magento extension so I used replace in the query to solve my problem for now.
Since "s:1:X" will always be just one alpha character after the 1 and will not match anything else. I change the query to:
$query = 'SELECT * FROM ' .$tableName.' WHERE allowed_countries LIKE "%'.$regionId.'%" and skurules REGEXP "i:'.$secondlastdigit.';" or replace(skurules,char(34),0) REGEXP "s:1:0'.$secondlastdigit.'0;" and status = 1 ORDER BY id DESC LIMIT 1';
Very hackish fix but gets me out of a bind for now..
Mark
I've a field that looks like this
1,13,15
If I try to make a search to find all rows than contains "1", then it's taking all rows that have 1 inside, and not only rows that says 1, [something], but also "11","13" etc.
I've tried with a like statement and wildcards, but without luck.
If you're using MySQL, use FIND_IN_SET, not LIKE.
WHERE FIND_IN_SET('1', columnname)
But the best solution is to normalize your schema so you don't have comma-separated values in a column.
If you are using MySQL you can use regexp to check such values
where column_name regexp '^1,|,1,|,1$|^1$'
When you say "1*" it finds everything that has a one and anything after that. Just narrow down your search and serach for:
field LIKE "1,%" OR field LIKE "%,1,%" OR field LIKE "%,1" OR field = "1"
You can search for "1," OR "1" OR ", 1".
if your field is '1,13,15' change it to ',1,13,15,'
and your search to LIKE '%,1,%'
So depending on your db you should try something like this
SELECT *
FROM yourTable
WHERE ',' + yourField + ',' LIKE '%,' + #search + ',%'
Have you tried:
select rows
from table
where field contains '1,'
?
If you're using MS SQL Server, you should use LIKE '%1%'.
I have a table image_tb, which has 3 fields, id,images,link (id is auto auto_increment), this is my insert code:
mysql_query("
insert into image_tb
(images,link)
select
'".(max(id)+1).".jpeg','".$link."'
from image_tb
");
it return:
Warning: max(): When only one parameter is given, it must be an array
how to modify? thanks.
its better you define a function , get the last id by query like this:
"select id from image_tb order by id desc limit 0,1"
then increase it , its realibe .
I think you don't mean to close the string:
select '" ...
should be
select MAX(id) + 1
Otherwise you are using the php function max, and I don't think you intend to do that at all.
By the way, you shouldn't be using mysql_*. Use PDO or mysqli.
do it inside the query,
mysql_query("
insert into image_tb (images,link)
select CONCAT(COALESCE((SELECT MAX(ID) + 1 FROM image_tb),1), '.jpeg'),'".$link."'
from image_tb
");
your query is vulnerable with SQL Injection, please read the article below to protect from it
How can I prevent SQL injection in PHP?
Have you considered something like this?
Insert data with empty filename
Update table where filename is empty, set filename to CONCAT(id, ".jpeg") or something (CONCAT is function used to "add" strings).