Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

SQL REGEXP

ClémentClément
edited December 2014 in Vanilla 2.0 - 2.8

Hello,

I can not build a SQL query with REGEXP.

I tested with :

    $SQL = Gdn::SQL();
        $SQL
            ->Select('u.Name')
            ->From('User u')
            ->Where('u.Name REGEXP', '^Clément')
            ->Limit(1)
            ->OrderBy('u.Name', 'desc');

Or :

        $SQL = Gdn::SQL();
        $SQL
            ->Select('u.Name')
            ->From('User u')
            ->Where('u.Name REGEXP "^Clément"')
            ->Limit(1)
            ->OrderBy('u.Name', 'desc');

Thank you for your help ! :)

Best Answer

  • R_JR_J Admin
    edited December 2014 Answer ✓

    You may have luck with ->Where('u.Name regexp "^Clément([0-9]+)$"', null, false, false).

Answers

  • x00x00 MVP

    Using REGEXP on this way is redundant

    use ->Like('u.Name','Clément%')

    grep is your friend.

  • peregrineperegrine MVP
    edited December 2014

    .

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • x00x00 MVP

    sorry

    ->Like('u.Name','Clément','right')

    grep is your friend.

  • JasonBarnabeJasonBarnabe ✭✭

    Assuming you need REGEXP for something more important than that example, what happens if you use what you have? You may be getting hit by https://github.com/vanilla/vanilla/pull/2308

  • ClémentClément
    edited December 2014

    Thank you x00. It was just one example, the final sql will be more complex, like:
    ->Where('u.Name REGEXP "^Clément([0-9]+)$"')

    Result : where u.Name REGEXP "^Clément([0-9]+)$" is null :\

    I'll drop $SQL->Where() and use $SQL->Query()

  • R_JR_J Admin
    edited December 2014 Answer ✓

    You may have luck with ->Where('u.Name regexp "^Clément([0-9]+)$"', null, false, false).

  • ClémentClément
    edited December 2014

    It works !!! :D

    Last question : How to avoid sql injection with variable $Name ?

    Exemple :

                $Name = 'Clément';
            $SQL = Gdn::SQL();
            $SQL
                ->Select('u.Name')
                ->From('User u')
                ->Where('u.Name REGEXP "^'.$Name.'([0-9]+)$"', null, false, false)
                ->Limit(1)
                ->OrderBy('u.Name', 'desc');
  • x00x00 MVP
    edited December 2014

    clement I was thinking the same. escape like so:

                $Name = 'Clément';

            $Name = preg_quote($Name);

            $SQL = Gdn::SQL();
            $SQL->NamedParameter('RegexUserName', TRUE, "^{$Name}([0-9]+)$" );

            $SQL = Gdn::SQL();
            $SQL
                ->Select('u.Name')
                ->From('User u')
                ->Where('u.Name REGEXP :RegexUserName', null, false, false)
                ->Limit(1)
                ->OrderBy('u.Name', 'desc');

    grep is your friend.

  • x00x00 MVP

    I provided two types of escape. The regular expression and the query quote.

    You might actually want to simply use the garden user name regular expression, to check it against that.

    grep is your friend.

  • ClémentClément

    Thank you very much, it's perfect ! :)

Sign In or Register to comment.