Develop Reference

How do safely I add a raw string to a query?

My SQLite query :
let data = db.getAllRows(sql"""
SELECT name, source, uploaded_at, canonical_url, size
FROM table
WHERE name like ?
ORDER BY ? DESC
LIMIT ?
OFFSET ?
""", &"%{query}%", order, limit, offset)
Nim adds single quotes to any string replacing ?. I can manually build the SQL string and then use sql(string), but the input then isn't escaped. Is there some other token apart from ? that does not add '?

To answer your title question: "How to safely add a raw string to a query", you can use dbQuote:
import db_sqlite
let
a = "unes'caped %' string"
b = "my prefix ->"
c = "<- my suffix"
d = b & dbQuote(a) & c
echo d
This will print my prefix ->'unes''caped %'' string'<- my suffix, adding quotes before/after and escaping any ones inside. This string is presumably safe to pass as an sql statement. You should get the same result as if you had used ? with extra parameters.

Using InStr in Access VBA to lookup a string value from another table

Very new to access VBA and would love some guidance on this.
I am searching through a string and looking for a particular substring in this field. This substring would have a value based on another table, ie
order = "Reference order QQ131415"
The problem is, there is no particular pattern for order numbers. Some are 7 digits, some are 10 and some have dashes in there.
There is a table i have access too that has these order numbers though, and I guess I am trying to use that table as a dictionary.
my very very basic Access VBA code is like this
' order= Instr(1, rst![order], qst![order_id],vbBinaryCompare)'
order is the string where i have the order id i am trying to extract
order_id is the actual id from a seperate table.
Is this something that Access VBA can handle?

So i think this will help you
You're not very clear in the sentence following on from "order=" with your code. Could you clear that up.
Instr(string1, String2, [ compare ])
string1 Required. String expression being searched.
string2 Required. String expression sought.
Instr returns a Variant (number in this case) specifying the position of the first occurrence of one string within another. So it should be:
Position= InStr(1, string1, string2, 1)
So you'd now know that the ordernumber starts at position x in Order. You'd then have to do a left(Order, Len(order) -x) to extract the string.
Youd do that in a nested loop because youll have to loop through your dictionary per record in Order.
E.g.
Dim rsOrder as DAO.recordset
Dim rsOrderId as Dao.recordset
dim orderTest as integer
dim stringcapture as string
Set rsOrder = Currentdb.OpenRecordset("[SELECT STRING]")
rsOrder.Movefirst
Do until rsOrder.EOF or rsOrder.BOF
Order = rsOrder![OrderFieldName]
Set rsOrderId = Currentdb.OpenRecordSet("[SELECT STRING]")
rsOrderID.Movefirst
Do Until rsOrderID.EOF or rsOrderID.BOF
OrderID = rsOrderID![OrderIDFieldName]
orderTest = Instr(1, Order, OrderID,1)
StringCapture = left(Order, Len(order) -OrderTest)
rsOrderID.movenext
Loop
rsOrder.movenext
Loop
rsOrder.close
rsOrderID.close
Something to that affect.

REGEXP_SUBSTR return all matches (mariaDB)

I need to get all the matches of a regular expression in a text field in a MariaDB table. As far as I know REGEXP_SUBSTR is the way to go to get the value of the match of a regular expression in a text field, but it always returns after the first match and I would like to get all matches.
Is there any way to do this in MariaDB?
An example of the content of the text field would be:
#Generation {
// 1
True =>
`CP?:24658` <= `CPV?:24658=57186`;
//`CP?23432:24658` <= `CPV?:24658=57186`
// 2
`CP?:24658` <> `CPV?:24658=57178` =>
`CP?:24656` <> `CPV?:24656=57169`;
And the select expression that I'm using right now is:
select REGEXP_SUBSTR(textfield,'CP\\?(?:\\d*:)*24658') as my_match
from table
where id = 1243;
Which at the moment returns just the first match:
CP?:24658
And I would like it to return all matches:
CP?:24658
CP?23432:24658
CP?:24658

Use just REGEXP to find the interesting rows. Put those into a temp table
Repeatedly process the temp table -- but remove the SUBSTR as you use it.
What will you be doing with each substr? Maybe that will help us devise a better approach.

how to search for a particular string in the given string in oracle

I have a string with value as '12A,12B,12C,13,14'.
I want to check whether '2A' is available in the above string.
while trying my value '2A' checks in 12A and returns as matched.
Please give me a solution for this.

You can do something like this:
select * from table where ',' || col || ',' like '%,2A,%';
Commas are concatenated to the column to cover the cases where the element is present at the start or end of the string.

SQL Insert and Replace?

I have an SQL statement I run for my website that inserts data into an access database. Is there a way during the insert to replace a space " " if one of the date textboxes contains a space? I need to do this because it throws off my date queries if there is a space in one of the columns?
INSERT INTO tblOpen (DateColumn1, DateColumn2) Values (#Value1, #Value2)

You should use the 'datetime' type for your DateColumn. It solves all your problem. It is good to use proper variable for proper field.

If you mean heading and trailing spaces, then:
myString = myString.Trim()
in your vb.net code will be fine. Even though I would follow Steve's suggestion and converting to date.

As question was about replace, you can either use Replace()
INSERT INTO tblOpen (DateColumn1, DateColumn2)
Values (REPLACE(#Value1, ' ', ''), #Value2)
or LTrim() and RTrim()
INSERT INTO tblOpen (DateColumn1, DateColumn2)
Values (LTRIM(RTRIM(#Value1)), #Value2)
However if datatype is a datetime then it makes sense to convert to that type using
DateTime d = Convert.ToDateTime(TextBox1.Text);
SqlParameter p = command.Parameters.Add("#Value1", System.Data.SqlDbType.DateTime);
p.Value = d;