  1. #1
    New Coder
    Join Date
    Jan 2007
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Help with SQL select query

    I have a query that I'm using to filter information retrieved from an SQL database.
    Code:
    SELECT InvUnique FROM Inventry WHERE Cat = '367'
    I'm trying to further filter the information that is retrieved. The "Inventry" table also has a column called "Low". In addition to retrieving only records with "367" in the "Cat" column, I would like to narrow it down even further by filtering records that have a number 1 or higher entered in this column "Low" (anything except 0). I don't know how to do this in a SELECT statement.

  • #2
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Quote Originally Posted by kbalona View Post
    I have a query that I'm using to filter information retrieved from an SQL database.
    Code:
    SELECT InvUnique FROM Inventry WHERE Cat = '367'
    I'm trying to further filter the information that is retrieved. The "Inventry" table also has a column called "Low". In addition to retrieving only records with "367" in the "Cat" column, I would like to narrow it down even further by filtering records that have a number 1 or higher entered in this column "Low" (anything except 0). I don't know how to do this in a SELECT statement.
    Something like this?
    Code:
    select InvUnique from Inventry where Cat = '367' and Low > 0
    I assumed Low is a numeric field.

    best regards

  • #3
    New Coder
    Join Date
    Jan 2007
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks, that did the trick.

  • #4
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Quote Originally Posted by kbalona View Post
    Thanks, that did the trick.
    You are welcome. If Cat is a number, it is better not to use quotes around the value.

    best regards

  • #5
    Banned
    Join Date
    Feb 2011
    Posts
    2,699
    Thanks
    13
    Thanked 395 Times in 395 Posts
    Quote Originally Posted by oesxyl View Post
    If Cat is a number, it is better not to use quotes around the value.
    hmmm......is it really better?......some of the well respected sql gurus over at Sitepoint say numbers should be wrapped in quotes as well as part of an overall strategy combating sql injection attacks.

    Perhaps you can explain how you think it is better.
    Last edited by bullant; 05-16-2011 at 01:54 AM.

  • #6
    Master Coder
    Join Date
    Dec 2007
    Posts
    6,682
    Thanks
    436
    Thanked 890 Times in 879 Posts
    Quote Originally Posted by bullant View Post
    hmmm......is it really better?......some of the well respected sql gurus over at Sitepoint say numbers should be wrapped in quotes as well as part of an overall strategy combating sql injection attacks.

    Perhaps you can explain how you think it is better.
    Maybe this is what you understand from what they said. Comparing strings and numbers are different things and have nothing to do with sql injection.

    best regards

  • #7
    Banned
    Join Date
    Feb 2011
    Posts
    2,699
    Thanks
    13
    Thanked 395 Times in 395 Posts
    If the number is not wrapped in quotes then a malicious user could supply a string to do whatever. If the number is wrapped in quotes then the user-inputted string becomes part of the string in the sql statement.

    Of course you shouldn't rely on this as the main defence against sql injection because there are much better and more secure ways of combating sql injection, but if the database supports wrapping numbers in quotes I don't have an issue with anyone wrapping the numbers in quotes.

    It boils down to personal choice unless you are dealing with a very large database in which performance might become an issue.
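
The disagreement in posts #4 to #7 can be checked directly. The following is an added example, not code from any poster in the thread: it runs the thread's query three ways (value concatenated unquoted, concatenated inside quotes, and passed as a bound parameter). Python with an in-memory SQLite database, the sample rows, the input strings and the function names are all assumptions made for illustration; the thread does not name a database engine.

```python
import sqlite3

# Constructed sample data; table and column names follow the thread.
ROWS = [(1, 367, 0), (2, 367, 5), (3, 400, 2), (4, 367, 1)]
TAIL = " AND Low > 0 ORDER BY InvUnique"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Inventry (InvUnique INTEGER, Cat INTEGER, Low INTEGER)")
    db.executemany("INSERT INTO Inventry VALUES (?, ?, ?)", ROWS)
    return db

def ids(cursor):
    return [row[0] for row in cursor.fetchall()]

def unquoted(db, cat):
    # Input is pasted in as SQL text: it can add operators of its own.
    return ids(db.execute("SELECT InvUnique FROM Inventry WHERE Cat = " + cat + TAIL))

def quoted(db, cat):
    # Input sits inside a string literal, until it contains a quote itself.
    return ids(db.execute("SELECT InvUnique FROM Inventry WHERE Cat = '" + cat + "'" + TAIL))

def bound(db, cat):
    # Input is sent as a bound parameter and is never parsed as SQL.
    return ids(db.execute("SELECT InvUnique FROM Inventry WHERE Cat = ?" + TAIL, (cat,)))

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain value, one with an operator, one with a quote.
    for value in ["367", "367 OR 1=1", "367' OR '1'='1"]:
        for build in (unquoted, quoted, bound):
            try:
                result = build(db, value)
            except sqlite3.Error as exc:
                result = "error: %s" % exc
            print("%-9s %-18r -> %s" % (build.__name__, value, result))
```

With these constructed inputs, the quoted form returns no rows for `367 OR 1=1` but returns every row once the input carries its own quote character, while the bound form returns no rows for both.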

