Are you a Google Analytics enthusiast?
More SEO Content
Mysql Select Wild Cards
Posted 16 June 2009 - 10:28 AM
"SELECT * FROM destinations WHERE company1 = '$company' OR company2 = '$company' ORDER BY name";
"SELECT * FROM destinations WHERE company_ = '$company' ORDER BY name";
and this fails:
"SELECT * FROM destinations WHERE company% = '$company' ORDER BY name";
I am running Cpanel.
MySQL client version: 4.1.22
phpMyAdmin - 126.96.36.199
Is there some functionality that I need to enable or am I just not coding it correctly.
Thanks in advance.
Posted 16 June 2009 - 12:50 PM
So '%company' would do it, I think.
Posted 17 June 2009 - 01:37 AM
Posted 17 June 2009 - 03:27 AM
I'm not sure I'd do that without placing some extremely tight security on the script itself. Or to quote the robot from Lost In Space: Danger Will Robinson! Danger!
For an internal app where nothing much is going to change over the years and the users are going to be limited, it's okay. But when you start opening such things up to publicly available scripts, this kind of wildcarding make me queasy. Too many things could go horribly wrong down the road if someone else were to get their hands on the code, even if they weren't trying to do something nefarious but simply didn't understand what the code did.
Okay, with all of those disclaimers out of the way...
What you're trying to do won't work the way you're trying to do it. That's a natural protection from potential harm built into MySQL. Of course the fact that there are protections in there doesn't mean it cannot be done. How depends upon which version of MySQL you're running.
If you're on MySQL 5 you'll probably want to look into Information Schema Tables. That's a link to the official docs. There are lots more examples out there if you search Google for the Information Schema bit.
Realize though that if you don't place some significant limits on what the select statement does it can have some rather serious effects on server loads. It can end up producing a runaway Select statement.
If you're on an earlier version of MySQL you can accomplish the same basic thing by via "show tables" and then using php to analyze the results, pull out the relevant entries via ereg or whatever, then using that to build your SELECT statement dynamically. Again be a bit careful with it since these automated types of things can tend to run wild.
If you only have a few of these potential company* 's to process, the safer way to do it is to hard code them in your select statement with a bit of concatenation withsome OR's. Similar to your first working example, just with more OR's in there.
Posted 17 June 2009 - 07:17 AM
that allows anything BEFORE the search string and anything AFTER
hope this helps.
Posted 17 June 2009 - 09:32 AM
Maybe the outside magic quotes take care of that and maybe I've not thought this through properly and maybe I'm prepared to admit that I should have.
Edited by rolf, 17 June 2009 - 09:37 AM.
Posted 17 June 2009 - 10:19 AM
Posted 18 June 2009 - 04:33 PM
In view of the security concerns raised by Randy, I am minded to hard code the select statement even though this means it is a bit more work when new companies join the scheme. I do however severely limit the permissions for the "Connection" from the pages where this is featured by not allowing writing, deleting etc.
Posted 18 June 2009 - 08:56 PM
I've done the extra file thing several times before and it makes editing/updating those a snap. As long as you remember what you call the additional file.
Posted 20 June 2009 - 12:35 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users