I'm Trying to search for usernames using LIKE query, however the query always return 0 and the usernames does exists! I'm using MYSQL terminal that with MAMP PRO server and here what i tried:
SELECT * FROM userlogin WHERE username LIKE '٪w٪';
SELECT * FROM userlogin WHERE username LIKE '٪w';
SELECT * FROM userlogin WHERE username LIKE 'w٪';
SELECT * FROM userlogin WHERE username LIKE '٪?٪';
Always the result is the same 0 what can be the problem!?
You are using percent character from Arabic encoding, copy following character and all will be fine (or switch your keyboard on English based keyboard and then type):
%
I doubt that it returns 0 - I suspect you mean the queries return no rows. Also you did not provide any details of the records you expected the query to return.
Applying further guesswork, I think the first 2 queries are intended to return records where the username starts with zW - in which case you should be specify a wildcard in your literal, e.g.
SELECT * FROM userlogin WHERE username LIKE '٪w%';
From the manual:
With LIKE you can use the following two wildcard characters in the pattern:
% matches any number of characters, even zero characters.
_ matches exactly one character.
Hi Walid Naceri You have wrong special character use %w% Like this
Related
I have this record in my database
| 29 | Mac 190:193:194:195:196:197:198:199:200 |
the last column name is
path_address
if I have a string like this
190:193:194:195
I want MySQL to select the path_address that has same sequence
so I used this command
$query_data = $module_model::where('path_address','LIKE',"$structure%")->limit(7)->get();
where structure is :190:193:194:195 and it is working fine, but what is happening is that if I have string like this
190:193:194:195:197
it is also return mac as a result of this query ,
how can I set my query to bring the string that have same sequence only and stop if it has broken sequence , so the accepted sequence will be like this
190
190:193
190:193:194
190:193:194:195
190:193:194:195:196 and so on
but theses sequence must be rejected
190:194
190:193:194:196
190:193:196
190:193:194:195:196:198 etc .
For example, you may use
WHERE path_address LIKE '$structure%'
OR '$structure' LIKE CONCAT(path_address, '%')
First condition will return rows where path_address is not shorter than $structure, second - where it is not longer respectively.
fiddle
I'm new here. I have only basic knowledge of PHP and Mysql.
I have a math expression like:
[13 + 24 + 92 -
x1x2]
which is stored in MySQL database as:
[1<sup>3</sup> + 2<sup>4</sup> + 9<sup>2</sup> - x<sub>1</sub>x<sub>2</sub>].
I want to search that column from MySQL database using the input string $str='1^3 + 2^4 + 9^2 - x_1x_2';. The MySQL column is set as a full-text index so I need to search it using MATCH AGAINST method.
UPDATE: I added the relevant code from my application below.
My question is why the MySQL query returning 0. if I even change the input string the same thing is happening. Like
$str=$_GET['search']; //$_GET['search'] is equal to '1<sup>3</sup> + 2<sup>4</sup> + 9<sup>2</sup> - x<sub>1</sub>x<sub>2</sub>'
//the $str contain the search string
$query = "(Select col1,col2,MATCH (col3) AGAINST ('".$str."' IN NATURAL LANGUAGE MODE) AS relevance from table_name WHERE MATCH (col3) AGAINST ('".$str."' IN NATURAL LANGUAGE MODE))";
$run = mysqli_query($connect, $query);
$foundnum = mysqli_num_rows($run);
//$foundnum returning 0
Since the string 1^3 is not the same as 1<sup>3</sup>, there is no SQL method to have them match. Also, there is no simple amount of PHP code to declare that they are the same.
You need to come up with a canonical form for "power" and use it in both the data in the table and the search string. Probably you should pick the "math" representation for searching 1^3. You could use a second column for the HTML representation 1<sup>3</sup>.
But, there is another problem. FULLTEXT indexing works with "words" separated by spacing and punctuation. So the words in those are 1, 3, and sup.
Still more trouble... FULLTEXT defaults to a minimum of 3 letters for a "word". So sup would be the only "word".
So, what to do? If you can decide on a canonical form, then see =, LIKE, or REGEXP for string comparisons, not FULLTEXT.
I'm having some regex troubles, using Python 2.7 if that matters.
Basically what I'm trying to do is to capture inserted variables in a PHP SQL query string declaration, for example:
$query = "SELECT * FROM `users` WHERE user='$user' AND password='$pass';";
This should return $user when I get the second group from the match.
Here's my regex as it stands right now:
r'.*?\s*=\s*\(\".*?\'(\$[^\']+)\'.*?\"\);'
Example showing that this works and captures $user but not the one above (yes I know it doesn't capture $pass as it ideally should, that's seems to be a limitation with Python's implementation and Regex in general. I do some hacks to get around this in my actual program)
The above works for the example I used. However, when I introduce another case where the inserted variable uses the syntax '{$foo['bar']}', my other regex below doesn't work which accounts for the fact that it contains an apostrophe which doesn't close the variable:
r'.*?\s*=\s*[\(]?\".*?(?:(?:\'(\$[^\']+)\')|(?:\'(\$\{[^\}]+\})\'))?.*?\"[\)]?;'
So basically I want to capture either the '$user' syntax or the one with { }, for example '{$foo['bar']}'. Note that these are not exclusive, it's just that an inserted variable may be of either kind and I want to account for both.
Here's a link to test this out, showing that it doesn't work. Using the second regex also breaks capturing the simple $user, not sure why.
I am not sure what do you mean by limitation in python because following works as it should:
>>> import re
>>> query = "SELECT * FROM `users` WHERE user='$user' AND password='$pass';";
>>> re.findall(r"='(\$\w+)'", query)
['$user', '$pass']
For matching the other query have a look at this regex demo:
='(\{?\$.+?)(?:'(?:\s|;))
And, code example:
>>> query1 = "(\"SELECT table_schema, table_name, create_time FROM information_schema.tables WHERE table_schema='{$_DVWA['db_database']}' AND table_name='users' LIMIT 1\");"
>>> re.findall(r"='(\{?\$.+?)(?:'(?:\s|;))", query1)
["{$_DVWA['db_database']}"]
# it works on the other query as well
>>> re.findall(r"='(\{?\$.+?)(?:'(?:\s|;))", query)
['$user', '$pass']
I've imported a .txt database in MySQL through "LOAD DATA INFILE", and everything seemed working, the only problem is that if I search a record on the DB with the following query:
"SELECT * FROM hobby WHERE name LIKE 'Beading'"
it returns 0 rows, while if I use
""SELECT * FROM hobby WHERE name LIKE '%Beading%'"
it returns 1 row, even if exist one record with name=Beading. Does anybody know what could it depend on?
When using SQL LIKE:
You should use a wildcard identifier such as (or not):
'%word' - return results that the value ends with the letters: "word".
'word%' - return results that begin with the letters: "word".
%word% - return results that include the letters: "word" anywhere.
there are some more pattern search combination like:
'abc' LIKE 'abc' true
'abc' LIKE 'a%' true
'abc' LIKE 'b' true
'abc' LIKE 'c' false
If you want an exact match you should use:
"SELECT * FROM hobby WHERE name='Beading'"
But LIKE 'Beading' should also work, so it's probably a spaces issue or case sensitivity problem.
You need to take care of collation case (sensitivity) when you want to make sure your results are complete.
Say your table is UTF...CS and you want to make an insensitive case search you should declare it in your SQL query, for example:
SELECT * FROM hobby WHERE name COLLATE UTF8_GENERAL_CI LIKE 'beading'
try testing different approaches and see what fits your goal best.
the first one doesnt work because Like statment you should use '%search word%'
you should use this one
"SELECT * FROM hobby WHERE name LIKE '% Beading %' or name LIKE '% Beading'
or name LIKE 'Beading %' or name LIKE 'Beading'"
i am using mysqlclient,
in one of my query, as shown below
sprintf (query, "select user from pcloud_session where id = '%s'", sid);
here some time this sid is with % sign in it like the example
2Cq%yo4i-ZrizGGQGQ71eJQ0
but when there is this % this query always fail, i think i have to escape this %, but how ?
i tried with \ and %% , but both of this not working, please help me here
UPDATE:
When using session.hash_bits_per_character = 6, in php session ,the default charset contains a character (comma) that will always be urlencoded(here it is %2C). This results in cookie values having this %2C in it, but session db having a comma instead of it. any idea about fixing this problem ?.. sorry for the confusion
Thanks
There's no need to escape a literal '%' in MySQL query text.
When you say the query "always fail", is it the call to the mysql_query function that is returning an error? Does it return a SQL Exception code, or is it just not returning the resultset (row) you expect?
For debugging, I suggest you echo out the contents of the query string, after the call to sprintf. We'd expect the contents of the string to be:
select user from pcloud_session where id = '2Cq%yo4i-ZrizGGQGQ71eJQ0'
And I don't see anything wrong with that SQL construct (assuming the id column exists in pcloud_session and is of character datatype. Even if id was defined as an integer type, that statement wouldn't normally throw an exception, the string literal would just be interpreted as integer value of 2.)
There should be no problem including a '%' literal into the target format of an sprintf. And there should be no problem including a '%' literal within MySQL query text.
(I'm assuming, of course, that sid is populated by a call to mysql_real_escape_string function.)
Again, I suggest you echo out the contents of query, following the call to sprintf. I also suggest you ensure that no other code is mucking with the contents of that string, and that is the actual string being passed as an argument to mysql_query function. (If you are using the mysql_real_query function, then make sure you are passing the correct length.)
UPDATE
Oxi said: "It does not return a SQL Exception code, it just does not return the result[set] I expect. I did print the query, it prints with % in it."
#Oxi
Here's a whole bunch of questions that might help you track down the problem.
Have you run a test of that query text from the mysql command line client, and does that return the row(s) you expect?
Is that id column defined as VARCHAR (or CHAR) with a length of (at least) 24 characters? Is the collation on the column set as case insensitive, or is it case sensitive?
show create table pcloud_session ;
(I don't see any characters in there that would cause a problem with characterset translation, although that could be a source of a problem, if your application is not matching the database charactarset encoding.)
Have you tested queries using a LIKE predicate against that id column?
SELECT id, user FROM pcloud_session WHERE id LIKE '2Cq\%yo4i-%' ESCAPE '\\'
ORDER BY id LIMIT 10 ;
SELECT id, user FROM pcloud_session WHERE id LIKE '2Cq%'
ORDER BY id LIMIT 10 ;
Are you getting no rows returned when you expect one row? Are you getting too many rows returned, or are you getting a different row than the one you expect?
That is an oddball value for an id column. At first, it looks almost as if the value is represented in a base-64 encoding, but it's not any standard encoding, since it includes the '%' and the '-' characters.
If you're going to do this in C without an interface library, you must use mysql_real_escape_string to do proper SQL escaping.
There shouldn't be anything intrinsically wrong with using '%inside of a string, though, as the only context in which it has meaning is either directly inprintftype functions or as an argument toLIKE` inside of MySQL.
This proves to be really annoying, but it's absolutely necessary. It's going to make your code a lot more complicated which is why using low-level MySQL in C is usually a bad idea. The C++ wrapper will give you a lot more support.
You really shouldn't escape the string yourself. The safest option is to let the MySQL API handle it for you.
For a string of maximum length n, start by allocating a string of length 2*n+1:
int sidLength = strlen(sid);
// worst-case, we need to escape every character, plus a byte for the ASCIIZ
int maxSafeSidLength = sidLength * 2 + 1;
char *safeSid = malloc(maxSafeSidLength);
// copy "sid" to "safeSid", escaping as appropriate
mysql_real_escape_string(mysql, safeSid, sid, sidLength);
// build the query
// ...
free(safeSid);
There's a longer example at the mysql_real_escape_string page on dev.mysql.com, in which they build the entire query string, but the above approach should work for supplying safeSid to sprintf.