subject:"SQL\\\\\\\: forbidden syntax search"

Re: SQL: forbidden syntax search

2003-11-16 Thread Brian Reichert

On Sun, Nov 16, 2003 at 03:31:18AM +0100, M. Bader wrote:
 Hi,
 
 I need a little help on my SQL syntax.
 
 I want to store forbidden inputs from the GUI in a table and query it on
 input from the user;

This doesn't answer your question specifically, but rather, describes
a separate solution...

 simple layout:
 
 CREATE TABLE `forbidden_input` (`lfdnr` TINYINT (3) UNSIGNED DEFAULT '0'
 AUTO_INCREMENT, `input` VARCHAR (255) NOT NULL, PRIMARY KEY(`lfdnr`),
 UNIQUE(`input`));
 
 Content is something like this:
 1,'+'
 2,'^'
 3,''
 4,''
 5,'('
 6,')'
 7,'~'
 8,''
 9,'%'

Must the forbidden inputs be in a table?  Couldn't you use the
regular expression syntax instead?  Something like:

  SELECT `input` FROM lok_forbidden_input WHERE
'Hello World' regexp '[+^()~%]';

(This is utterly untested.  Tweak as neccessary. You might need to
backquote some characacters there...)

The point being, you can build your regular expression to contain
a list of weird characters you want to match.

-- 
Brian 'you Bastard' Reichert[EMAIL PROTECTED]
37 Crystal Ave. #303Daytime number: (603) 434-6842
Derry NH 03038-1713 USA BSD admin/developer at large

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]

SQL: forbidden syntax search

2003-11-15 Thread M. Bader

Hi,

I need a little help on my SQL syntax.

I want to store forbidden inputs from the GUI in a table and query it on
input from the user;

simple layout:

CREATE TABLE `forbidden_input` (`lfdnr` TINYINT (3) UNSIGNED DEFAULT '0'
AUTO_INCREMENT, `input` VARCHAR (255) NOT NULL, PRIMARY KEY(`lfdnr`),
UNIQUE(`input`));

Content is something like this:
1,'+'
2,'^'
3,''
4,''
5,'('
6,')'
7,'~'
8,''
9,'%'


The Query shall be something like (Where 'Hello World' will later be
substituted with the user's input by PHP.):

SELECT `input` FROM lok_forbidden_input WHERE 'Hello World' like '%\%';

I get a strange behavior here, which I can't explain myself: I get either no
results or all results.



More bad: I originally wanted to compare the table content agains the user's
input.
So the query should rather look like this:

SELECT `input` FROM lok_forbidden_input WHERE 'Ha%llo Welt' like
'%\'+`input`+'%';

But here I get a problem with the backslash with should mask out something
like '%' in table's row number 9.


Where am i wrong here?

Thanks for any help
Maik



-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]

Re: SQL: forbidden syntax search

SQL: forbidden syntax search

2 matches

Site Navigation

Mail list logo

Footer information