I have developed a software with Visual Studio 2015-2017 and briefly speaking I have a textbox that send it's content as a parameter to a command on a MySql database to return the value in a DataGridView. It's a software to organize every
environmental complaint sent from a webpage.
My question is: Can I use that ONE textbox to search content for any row in a database table?
Like using the textbox to return every single environmental complaint with a persons name and using the same one to return every single environmental complaint with the complaint location.
It would be something like:
SELECT * FROM TABLE WHERE anything on a table = textbox parameter;
The answer is no, not in any normal sense the way you have shown, however you can build up a query to include the columns you want to search. I mean how are you (or sql) going to deal with non text fields and all sorts of other shenanigans
Example of what might get your started
SELECT ...
FROM yourtable
WHERE 'val' IN (field1, field2, field3, field4, ...)
or
WHERE field1 LIKE '%val%' or field2 LIKE '%val%' etc....
If you mean like separate the data in the same textbox. Then you could probably separate with spaces or lines using "\n" for new line or " " * x where x is an integer for spaces.
I tried this as an ideia and it aparrently works :
SELECT * FROM table WHERE Name = 'Person name' or complaintType = 'Person name'...
and so on with all the fields that i want, and "Person name" being the textbox parameter sent to the command...
thanks for the help!
Related
I have to remove the particular value from the sentence which is stored in SQL database. Sentence will look like this:
1 Payments:ihj - CHENNAI-HIRE:54005-TN69AZ54008,4021-TN69AZ54005
2 Payments:ihj - CHENNAI-HIRE:54004-TN69AZ54008,4021-TN69AZ54005,54005-TN69AZ54008
In above sentence 54004 is the number which I will pass as parameter to SQL. This is the number which I want to remove from this line but same number is present in this line as TN69AZ54005. This number should not be disturbed, and in another payment we have same amount in another place. Can anyone help on this?
I tried with this sql query
declare #text int=4019
select SUBSTRING(notes,CHARINDEX(cast(#text as varchar),notes),
len(notes)-CHARINDEX(',',notes)+1)
from Accounts.TransactionNotes
where TransactionID=1978
If I use this query it will affect including this line TN69AZ54005
I can see that you've included a C# tag into your question. Then probably the easiest way is just to select all necessary rows using your app, then iterate through them and change the strings to your needs (using eg. PHP preg_replace() equivalent) and update the SQL rows.
I believe that is the easiest way, not really SQL solution but still...
update <table> set notes = replace(notes, 'HIRE:'+ str(<inputparam>),'HIRE:') where transactionid=<transactionid>
update <table> set notes = replace(notes, ','+ str(<inputparam>),',') where transactionid=<transactionid>
You will need to find something to prefix your inputpram value, like in above example I am using "HIRE:" or a comma.
Another way could be to use REGEXP to find the whole word, then one one query would suffice. But I haven't tried it.
The problem here is not the query but the person who designed the
database.
I`m not sure is it this what you want but I will past my code. :)
-- for test create #temp
SELECT
A.DATA
INTO #Temp
FROM
(
SELECT 'Payments:ihj - CHENNAI-HIRE:54005-TN69AZ54008,4021-TN69AZ54005' AS DATA
UNION
SELECT 'Payments:ihj - CHENNAI-HIRE:54004-TN69AZ54008,4021-TN69AZ54005,54005-TN69AZ54008' AS DATA
) AS A
GO
-- this you want?
UPDATE #Temp
SET DATA = REPLACE(DATA,'54004','')
GO
-- select changed data
SELECT * FROM #Temp
When my query is:
select * from table_name where name='jim'
everything is fine.
But when my query is:
select * from table where ='a statement with 2 and more word'
For example this query:
select columns from table where ='jim carrey'
The query just considers 'jim'. In other words, the query just considers the first word and does not consider whatever comes after that.
SQL does not work like that. If you take the following three queries:
select * from users where name = 'Frank Jones'
select * from users where name = 'Frank'
select * from users where name like 'Frank%'
If I run these on my SQL server database (after changing back to our real data structure) I will get 1 response to the first , the person who is actually named "Frank Jones'. I will not get 'Frank Jones III'
Since both first and last names are in the name columns if I run the second query, I will get no results.
If I run the third query I will get everyone whose first name if Frank but will not get "Jason Franks' because I only have a wildcard at the end of the phrase I am searching for. If I wanted everyone who had and portion of Frank in their name I would write this query:
select * from users where name like '%Frank%'
These are standard rules on what the various where clauses mean that apply to every database I have ever seen (although some might have a differnt wildcard symbol).
You don't say what platform you are using which makes answering your question harder but I will give an answer that will be close.
You need to parse the first work in the string. So
SELECT aColumn
FROM aTable
WHERE name = LEFT('Jim Carrey', CHARINDEX('Jim Carrey',' '))
Would be an example in sql server
The name of these functions changes for each platform.
Let say I have a MySQL server with one table that has over 1 million records. For the sake of illustration let say those are products. To make it simple the table has only 3 columns:
product_id - name - price
Let say I have one table displaying the information. Through a TextBox, with each key press, I wan't to select the products that contains the string in that TextBox, additionally the TextBox can have multiple search strings (up to 3) divided by a character '^' so if the TextBox had a string like: "st ^ b ^ ry" it would select products that contains 'st', 'b' and 'ry'.
I made the query like this:
SELECT
product_id,
name,
price
FROM
products
WHERE
name LIKE %{Param1}%
AND name LIKE %{Param2}%
AND name LIKE %{Param3}%
ORDER BY
name ASC
Locally this is fine I guess but when the program is being used somewhere else the query and table takes forever to load after each key press. So...
What is the best way to do this?
Is there a better way to get what i want instead of 3 "LIKE" or is it
right how I did it?
UPDATE
I've checked the questions posted by Loathing and according to what I read the best solution is:
SELECT name FROM table
WHERE MATCH (name) AGAINST ('keyterm');
Having a FULLTEXT index (with MyISAM engine). But the problem with that is that it won't show partial entries. If I had a product called "1/2 Blue Strawberry" and in keyterm I have 'a' (as an example), nothing will show up. I don't want it to just look for words but every record containing whatever I want even if that is a single letter.
Im writing a C# web page thats tied to a listview. My client would like to be able to type in something or part of something that it would show results. For example he wants a textbox where he may put in a phone number, part of a phone number, a name, city or whatever and there would be a SP of sorts that finds then lists the info. How can I accomplish this in either a SQL Sp or within VS 2010?
SELECT cols
FROM tbl
WHERE field LIKE '%' + #input + '%'
As several others have suggested, use the LIKE operator.
However, do NOT just put the data the user typed in directly into your LIKE clause like others have suggested. This leads to a very simple and very dangerous vulnerability known as a SQL injection attack.
If you insert the user's input directly into
SELECT cols FROM tbl WHERE field LIKE '%' + input + '%'
then a user could put the following in the text box:
;DROP TABLE tbl; --
(as an example), which makes your SQL statement become:
SELECT cols FROM tbl WHERE field LIKE '%'; (the first part of your query)
DROP TABLE tbl; (the injected sql that you don't want to let people run; drop the database table)
-- '%' (the rest of your previous query is commented out)
Always make sure you used parametrised SQL statements, or at the minimum sanitize your inputs. You really don't want people to be able to run arbitrary SQL on your database server.
Jeff Atwood (of SO fame) has a short posting on this.
And it is worth reading this too :)
Most everyone has hit on part of the solution -- use the LIKE operator.
But I think another aspect of the problem can be addressed in SQL.
Create a computed varchar(MAX) column. Turn on a full text index on this field. Then all you need to do is do a sql like:
SELECT * from <TABLE_NAME> WHERE Keywords like '%<search term>%'
This way you don't have to do phone like <search> or name like <search> etc.
Use the LIKE operator.
SELECT * FROM Table WHERE PhoneNumber LIKE '%value%' OR Name LIKE '%value%' OR
City LIKE '%value%'
If you want to use one textbox which could contain many different kinds of data, you need to be specific in your code about which database tables and columns you will search, and in what order.
For example, you might write a query that does this:
First, search in the Customer table
in the FirstName and LastName columns
for a name LIKE the one in the
textbox. SELECT the CustomerID for
all of the matches.
Next, search in both the Customer
table and the Supplier table, in the
PhoneNumber column, for a phone
number LIKE the one in the textbox.
SELECT the CustomerID or SupplierID
for all of the matches. If any results are found, combine them with the results of the first query.
Continue searching for street
addresses, and querying other tables.
Add new records to the resultset as
you go along.
After you have queried all of the tables that you want to search in, you will have a resultset containing ID's. You need to do another series of SELECTs to get the information you want to display to the user. If you mix customers and suppliers (and employees, etc), this could become quite complicated.
As you can see from this, it would be much easier to have separate textboxes for each search criteria. One textbox for first name, another for last name, a third for company name. A separate textbox for phone number. And if you are mixing data for customers, suppliers, employees, etc, you should have the user indicate (perhaps on a dropdown list or with checkboxes) which types of people to search, so you know which tables to query.
I am a PHP/MySQL developer, slowly venturing into the realm of C#/SQL Server and I am having a problem in C# when it comes to reading an SQL Server query that joins two tables.
Given the two tables:
TableA:
int:id
VARCHAR(50):name
int:b_id
TableB:
int:id
VARCHAR(50):name
And given the query
SELECT * FROM TableA,TableB WHERE TableA.b_id = TableB.id;
Now in C# I normally read query data in the following fashion:
SqlDataReader data_reader= sql_command.ExecuteReader();
data_reader["Field"];
Except in this case I need to differentiate from TableA's name column, and TableB's name column.
In PHP I would simply ask for the field "TableA.name" or "TableB.name" accordingly but when I try something like
data_reader["TableB.name"];
in C#, my code errors out.
How can fix this? And how can I read a query on multiple tables in C#?
The result set only sees the returned data/column names, not the underlying table. Change your query to something like
SELECT TableA.Name as Name_TA, TableB.Name as Name_TB from ...
Then you can refer to the fields like this:
data_reader["Name_TA"];
To those posting that it is wrong to use "SELECT *", I strongly disagree with you. There are many real world cases where a SELECT * is necessary. Your absolute statements about its "wrong" use may be leading someone astray from what is a legitimate solution.
The problem here does not lie with the use of SELECT *, but with a constraint in ADO.NET.
As the OP points out, in PHP you can index a data row via the "TABLE.COLUMN" syntax, which is also how raw SQL handles column name conflicts:
SELECT table1.ID, table2.ID FROM table1, table;
Why DataReader is not implemented this way I do not know...
That said, a solution to be used could build your SQL statement dynamically by:
querying the schema of the tables you're selecting from
build your SELECT clause by iterating through the column names in the schema
In this way you could build a query like the following without having to know what columns currently exist in the schema for the tables you're selecting from
SELECT TableA.Name as Name_TA, TableB.Name as Name_TB from ...
You could try reading the values by index (a number) rather than by key.
name = data_reader[4];
You will have to experiment to see how the numbers correspond.
Welcome to the real world. In the real world, we don't use "SELECT *". Specify which columns you want, from which tables, and with which alias, if required.
Although it is better to use a column list to remove duplicate columns, if for any reason you want *****, then just use
rdr.item("duplicate_column_name")
This will return the first column value, since the inner join will have the same values in both identical columns, so this will accomplish the task.
Ideally, you should never have duplicate column names, across a database schema. So if you can rename your schema to not have conflicting names.
That rule is for this very situation. Once you've done your join, it is just a new recordset, and generally the table names do go with it.