or with a "like" operator

sqlite> create table x (t);
sqlite> insert into x values (442);
sqlite> insert into x values (44);
sqlite> insert into x values (4454);
sqlite> select * from x where 4429845 like t||'%' order by length(t) desc limit 1;
442

Quoting RaghavendraK 70574 <[EMAIL PROTECTED]>:

> Thanks.
>
> I found a similar one in the mailing list archive.
>
> create table test (t text);
>
> insert into test values ('9');
> insert into test values ('98');
> insert into test values ('986');
> insert into test values ('9867');
>
> select * from test where '98555' like t || '%' order by t desc limit 1;
>
> output: 98.
>
> regards
> ragha
>
> ******************************************************************************
> This email and its attachments contain confidential information from HUAWEI,
> which is intended only for the person or entity whose address is listed
> above. Any use of the information contained herein in any way (including, but
> not limited to, total or partial disclosure, reproduction, or dissemination)
> by persons other than the intended recipient(s) is prohibited. If you receive
> this e-mail in error, please notify the sender by phone or email immediately
> and delete it!
> ******************************************************************************
>
> ----- Original Message -----
> From: Simon Davies <[EMAIL PROTECTED]>
> Date: Monday, August 6, 2007 8:12 pm
> Subject: Re: [sqlite] Best Match Query
>
> > Hi Ragha,
> >
> > C:\Joinerysoft\JMS\TestArea>sqlite3 tst.db
> > SQLite version 3.4.0
> > Enter ".help" for instructions
> > sqlite>
> > sqlite> create table tst( c1 integer, c2 test );
> > sqlite> insert into tst values( 1, '44' );
> > sqlite> insert into tst values( 2, '442' );
> > sqlite> insert into tst values( 3, '4454' );
> > sqlite>
> > sqlite> select * from tst where '4429845' > cast( c2 as text ) order by c2 desc limit 1;
> > 2|442
> >
> > Maybe not the most efficient way, but seems to give requested
> > result...
> > Rgds
> > Simon
> >
> > On 06/08/07, RaghavendraK 70574 <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > > How to form the SQL query (in SQLite) for the following problem below
> > >
> > > table:
> > > 44
> > > 442
> > > 4454
> > >
> > > Input String: 4429845
> > >
> > > Expected output from SQL query: 442
> > >
> > > regards
> > > ragha
> > >
> > > ----- Original Message -----
> > > From: Trevor Talbot <[EMAIL PROTECTED]>
> > > Date: Monday, August 6, 2007 2:39 pm
> > > Subject: Re: [sqlite] a c++ newbie question
> > >
> > > > On 8/5/07, Stephen Sutherland <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > I am trying to treat a string before passing it through my SQL
> > > > > statement into the database.
> > > > >
> > > > > I know that a single apostrophe will break the SQL statement.
> > > > > So I have to replace them all to double apostrophes.
> > > > >
> > > > > But are there any other characters that will break the SQL
> > > > > statement?
> > > > >
> > > > > I actually have a situation where the user creates an XML file
> > > > > and the contents of the XML file gets dumped in the database.
> > > > > So there is opportunity for a hacker to create an XML file which has
> > > > > some SQL statements in it like ' DELETE TABLE X ;
> > > > >
> > > > > So any thoughts or existing code would be great.
> > > >
> > > > Don't attempt to treat strings at all. Instead, always use the
> > > > parametric binding API for whatever database you're using. You
> > > > prepare statements like "INSERT INTO table VALUES (?)", and then pass
> > > > in the input string as a separate argument for the database engine to
> > > > put in place of the "?". This avoids the entire problem of escaping
> > > > special characters, and you don't need to treat your input data
> > > > specially.
> > > >
> > > > For sqlite, use sqlite3_prepare_v2() and sqlite3_bind_text().
> > > > http://sqlite.org/capi3.html should get you up to speed on the
> > > > process, and browse through the other documents on the site for more
> > > > information.
> > > >
> > > > -----------------------------------------------------------------------------
> > > > To unsubscribe, send email to [EMAIL PROTECTED]
> > > > -----------------------------------------------------------------------------
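
Added example, not part of the original thread: the parameter-binding advice quoted above, applied both to storing untrusted text and to the best-match query from the top of this message. It uses Python's built-in sqlite3 module, whose ? placeholders perform the prepare-and-bind step, instead of calling sqlite3_prepare_v2() and sqlite3_bind_text() from C; the notes table, the function names and the sample input are made up for the illustration.

```python
import sqlite3

def open_db():
    """In-memory database: the thread's prefix table plus a table for user text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE x (t TEXT)")
    db.execute("CREATE TABLE notes (body TEXT)")  # hypothetical table for the XML content
    db.executemany("INSERT INTO x VALUES (?)", [("44",), ("442",), ("4454",)])
    return db

def insert_concatenated(db, body):
    """The 'before': input is spliced into the SQL text, so a quote changes the statement."""
    db.execute("INSERT INTO notes VALUES ('" + body + "')")

def insert_bound(db, body):
    """The fix: the SQL text is constant and the input travels as a bound value."""
    db.execute("INSERT INTO notes VALUES (?)", (body,))

def best_match(db, number):
    """Longest stored prefix of `number`; the input is bound, never spliced."""
    row = db.execute(
        "SELECT t FROM x WHERE ? LIKE t || '%' ORDER BY length(t) DESC LIMIT 1",
        (number,),
    ).fetchone()
    return row[0] if row else None

def demo():
    db = open_db()
    # Constructed input, modelled on the example string in the quoted question.
    hostile = "it's ' DELETE TABLE X ;"
    try:
        insert_concatenated(db, hostile)
        concat_error = None
    except sqlite3.Error as exc:
        # The stray apostrophe ends the literal early and the statement no longer parses.
        concat_error = type(exc).__name__
    insert_bound(db, hostile)  # stored byte for byte, nothing is interpreted as SQL
    stored = [r[0] for r in db.execute("SELECT body FROM notes")]
    return concat_error, stored, best_match(db, "4429845"), best_match(db, hostile)

if __name__ == "__main__":
    print(demo())
```
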