I'm querying a fusion table:
SELECT Latitude,Longitude FROM myTable WHERE 'CompanyName' = 'Creek & Sons Co Ltd'
The problem is clearly the &, how does Google fusion tables query need to be escaped?
I am sending the query wrapped in encodeURI
use encodeURIComponent() instead, encodeURI does not encode the ampersand.
Related
I'm building a Kusto query for Azure Resource Graph that will return me all items for which a specific tag does NOT exist. What would be the query for checking this?
It depends on how the tags are represented in the table's schema.
If they are all in a single string (separated by one or more characters), then use where Tags !has "UnwantedTag"
If they are stored in a dynamic column, then use where set_has_element(Tags, "UnwantedTag") == false
found the solution:
if we want it to have the tag
'| where tags contains'
if we don't want it to have the tag
'| where tags !contains'
I am using DB Browser for SQLite. The documentation for SQLite's fts3 says "FTS is primarily designed to support Boolean full-text queries". I built a virtual table using fts4 and successfully executed a few WHERE ... MATCH queries. But the following attempts give errors:
SELECT id FROM histsearch WHERE id MATCH ("-1456" IN BOOLEAN MODE);
SELECT id FROM histsearch WHERE NOT EXIST id MATCH ("1457");
Is the problem in DB Browser or in SQLite? How else can I write this query so it will work?
SQLite's full text service (fts3) basically offers Boolean Mode by default, no search modifier needed. DB Browser uses fts's standard query syntax, so NOT is not supported. To exclude a term, do something like
SELECT * FROM indexed WHERE indexed MATCH 'sqlite -database';
Edit: however, you cannot only exclude search terms in fulltext search:
An FTS query may not consist entirely of terms or term-prefix queries with unary "-" operators attached to them.
You'll have to use NOT LIKE for that.
I've got a query builder that's been built in house which is using a full text index in order to perform description searches.
The query is built and parametrized and I was wondering the best way to encode the form field from the website in order to pass search strings such as:
Covered by
"red" near "yellow"
red" fish
Thanks
If you want to use full text search you should use where clause with other specific functions ( not just = or like ).
#param1 will still be a string (nvarchar eventually); see here:
Querying SQL Server Using Full-Text Search
for example, you query in this way (from MSDN):
USE AdventureWorks2008R2;
GO
DECLARE #SearchWord nvarchar(30)
SET #SearchWord = N'performance'
SELECT Description
FROM Production.ProductDescription
WHERE CONTAINS(Description, #SearchWord);
about special chars and escaping them, just have a look here: SQL Server Full Text Search Escape Characters?
in typical PHP applications I used to use mysql_real_escape_string before I did SQL inserts. However I am unable to do that in Drupal so would need some assistance. And without any sort of function like that, user input with apostrophes is breaking my code.
Please suggest.
Thank You
My SQL is as follows:
$sql = "INSERT INTO some_table (field1, field2) VALUES ('$field1', '$field2')";
db_query($sql);
Wrap your table with {}.
Also, use the proper placeholder syntax for insertion, like %d for numbers, %s for strings.
Here is the function API page:
http://api.drupal.org/api/function/db_query/6
Note that it has arguments.
Example:
db_query('INSERT INTO {tablename} (field1, field2) VALUES ("%s", "%s")', $field1, $field2);
I've got a search box that users can type terms into. I have a table setup with fulltext searching on a string column. Lets say a user types this: "word, office, microsoft" and clicks "search".
Is this the best way to deal with multiple search terms?
(pseudocode)
foreach (string searchWord in searchTerms){
select col1 from myTable where contains(fts_column, ‘searchWord’)
}
Is there a way of including the search terms in the sql and not iterating? I'm trying to reduce the amount of calls to the sql server.
FREETEXT might work for you. It will separate the string into individual words based on word boundaries (word-breaking). Then you'd only have a single SQL call.
MSDN -- FREETEXT
Well you could just build your SQL Query Dynamically...
string [] searchWords = searchTerm.Split(",");
string SQL = "SELECT col1 FROM myTable WHERE 1=2";
foreach (string word in searchWords)
{
SQL = string.Format("{0} OR contains(fts_column, '{1}')", SQL, word);
}
//EXEC SQL...
Obviously this comes with the usual warnings/disclaimers about SQL Injection etc... but the principal is that you would dynamically build up all your clauses and apply them in one query.
Depending on how your interacting with your DB, it might be feasible for you to pass the entire un-split search term into a SPROC and then split & build dynamic SQL inside the stored procedure.
You could do it similar to what you have there: just parse the search terms based on delimiter, and then make a call on each, joining the results together. Alternatively, you can do multiple CONTAINS:
SELECT Name FROM Products WHERE CONTAINS(Name, #Param1) OR CONTAINS(Name, #Param2) etc.
Maybe try both and see which is faster in your environment.
I use this class for Normalizing SQL Server Full-text Search Conditions