or with a "like" operator
sqlite> create table x (t);
sqlite> insert into x values (442);
sqlite> insert into x values (44);
sqlite> insert into x values (4454);
select * from x where 4429845 like t||"%" order by length(t) desc limit 1;
442
Quoting RaghavendraK 70574 <[EMAIL PROTECTED]>:
> Thanks .
>
> I found similar one in the mailing list archive.
> create table test (t text);
>
> insert into test values ('9');
> insert into test values ('98');
> insert into test values ('986');
> insert into test values ('9867');
>
> select * from test where '98555' like t || '%' order by t desc limit 1;
>
> output: 98.
>
>
> regards
> ragha
>
>
*******************************************************************************
***********
> This email and its attachments contain confidential information from HUAWEI,
> which is intended only for the person or entity whose address is listed
> above. Any use of the information contained herein in any way (including, but
> not limited to, total or partial disclosure, reproduction, or dissemination)
> by persons other than the intended recipient(s) is prohibited. If you receive
> this e-mail in error, please notify the sender by phone or email immediately
> and delete it!
>
*******************************************************************************
**********
>
> ----- Original Message -----
> From: Simon Davies <[EMAIL PROTECTED]>
> Date: Monday, August 6, 2007 8:12 pm
> Subject: Re: [sqlite] Best Match Query
>
> > Hi Ragha,
> >
> > C:\Joinerysoft\JMS\TestArea>sqlite3 tst.db
> > SQLite version 3.4.0
> > Enter ".help" for instructions
> > sqlite>
> > sqlite> create table tst( c1 integer, c2 test );
> > sqlite> insert into tst values( 1, '44' );
> > sqlite> insert into tst values( 2, '442' );
> > sqlite> insert into tst values( 3, '4454' );
> > sqlite>
> > sqlite> select * from tst where '4429845' > cast( c2 as text ) order
> > by c2 desc limit 1;
> > 2|442
> >
> > Maybe not the most efficient way, but seems to give requested
> > result...
> > Rgds
> > Simon
> >
> >
> > On 06/08/07, RaghavendraK 70574 <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > > How to form the SQL query(in SQLite) for the following problem below
> > >
> > > table:
> > > 44
> > > 442
> > > 4454
> > >
> > > Input String: 4429845
> > >
> > > Expected output from SQL query: 442
> > >
> > > regards
> > > ragha
> > >
> > >
> > >
> >
>
*******************************************************************************
***********>
> This email and its attachments contain confidential information from HUAWEI,
> which is intended only for the person or entity whose address is listed
> above. Any use of the information contained herein in any way (including, but
> not limited to, total or partial disclosure, reproduction, or dissemination)
> by persons other than the intended recipient(s) is prohibited. If you receive
> this e-mail in error, please notify the sender by phone or email immediately
> and delete it!
> > >
> >
>
*******************************************************************************
**********>
> > > ----- Original Message -----
> > > From: Trevor Talbot <[EMAIL PROTECTED]>
> > > Date: Monday, August 6, 2007 2:39 pm
> > > Subject: Re: [sqlite] a c++ newbie question
> > >
> > > > On 8/5/07, Stephen Sutherland <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > I am trying to treat a string before passing it through my SQL
> > > > statement into the database.
> > > > >
> > > > > I know that a single apostrophe will break the SQL statement.
> > > > > So I have to replace them all to double apostrophes.
> > > >
> > > > > But are there any other characters that will break the SQL
> > > > statement ?
> > > >
> > > > > I actually have a situation where the user creates an XML file
> > > > and the contents of the XML file gets dumped in the database. So
> > > > there is opportunity for a hacker to create an XML file which has
> > > > some SQL statements in it like ' DELETE TABLE X ;
> > > > >
> > > > > So any thoughts or existing code would be great.
> > > >
> > > > Don't attempt to treat strings at all. Instead, always use the
> > > > parametric binding API for whatever database you're using. You
> > > > prepare statements like "INSERT INTO table VALUES (?)", and
> > then pass
> > > > in the input string as a separate argument for the database
> > engine to
> > > > put in place of the "?". This avoids the entire problem of
> > escaping> > special characters, and you don't need to treat your
> > input data
> > > > specially.
> > > >
> > > > For sqlite, use sqlite3_prepare_v2() and sqlite3_bind_text().
> > > > http://sqlite.org/capi3.html should get you up to speed on the
> > > > process, and browse through the other documents on the site
> > for more
> > > > information.
> > > >
> > > > ---------------------------------------------------------------
> > ----
> > > > ----------
> > > > To unsubscribe, send email to [EMAIL PROTECTED]
> > > > ---------------------------------------------------------------
> > ----
> > > > ----------
> > > >
> > > >
> > >
> > > -----------------------------------------------------------------
> > ------------
> > > To unsubscribe, send email to [EMAIL PROTECTED]
> > > -----------------------------------------------------------------
> > ------------
> > >
> > >
> >
> > -------------------------------------------------------------------
> > ----------
> > To unsubscribe, send email to [EMAIL PROTECTED]
> > -------------------------------------------------------------------
> > ----------
> >
> >
>
> -----------------------------------------------------------------------------
> To unsubscribe, send email to [EMAIL PROTECTED]
> -----------------------------------------------------------------------------
>
>
-----------------------------------------------------------------------------
To unsubscribe, send email to [EMAIL PROTECTED]
-----------------------------------------------------------------------------
