subject:"\[sqlite\] Search % using sqlite"

Re: [sqlite] Search % using sqlite

2018-01-05 Thread Hegde, Deepakakumar (D.)

From: sqlite-users <sqlite-users-boun...@mailinglists.sqlite.org> on behalf of R Smith <ryansmit...@gmail.com> Sent: Friday, January 5, 2018 3:41:35 PM To: sqlite-users@mailinglists.sqlite.org Subject: Re: [sqlite] Search % using sqlite On 2018/01/05 10:14 AM, Rowan

Re: [sqlite] Search % using sqlite

2018-01-05 Thread R Smith

On 2018/01/05 10:14 AM, Rowan Worth wrote: For this simple search it's easier to replace "NAME LIKE ?" with "instr(NAME, ?) > 0", unless you need case insensitive matching. And in case you do wish for Case-Insensitive matching while using Rowan's method... "instr(UPPER(NAME), UPPER(?)) >

Re: [sqlite] Search % using sqlite

2018-01-05 Thread Rowan Worth

Firstly this code is extremely dangerous. What would happen if acInputString contained this string? ';DROP TABLE AUDIO; SELECT ' It's best practice to use bound parameters to prevent this kind of problem, ie. sqlite3_prepare(db, "SELECT NAME FROM AUDIO WHERE NAME LIKE ?", -1, , NULL);

[sqlite] Search % using sqlite

2018-01-04 Thread Hegde, Deepakakumar (D.)

Hi All, We are implementing a wild card search feature. our query is as below: sprintf (acQstring, "SELECT NAME FROM AUDIO WHERE NAME LIKE '%%%s%%'", acInputString); In the input string is '%' then we are getting t all the entry in the column. ex: name column have following: %a a a%a