Difference between revisions of "Portable SQL/Common/Aliases"

From Linuxnetworks
(Alias and quotes)
 
(relocated quotes/numeric section)
  
 
  SELECT * FROM table t WHERE t.id = 0
 
 
= Quotes and numeric values =
 
 
MS SQL Server and Sybase ASE don't allow single quotes (') around numeric values (integer and floating point values), for example
 
 
INSERT INTO table (floatval,string) VALUES ('-3.14','some text')
 
 
generates an error when using these servers. They only accept
 
 
INSERT INTO table (floatval,string) VALUES (-3.14,'some text')
 
 
This gets tricky if the values are supplied by a user. Because the value must not be quoted, you can't use the escape() function; instead, you must validate the input to be sure it is a numeric value. If you pass the input through unchecked, your application will be vulnerable to SQL injection and you will be in deep trouble.
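One way to do that validation in C, as an added example rather than code from the original page or from OpenDBX: `is_sql_numeric()` and `build_insert()` are hypothetical helpers, and the string argument is assumed to have been escaped by the caller already.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return 1 only for a plain decimal literal of the form
 * [-]digits[.digits][e[+-]digits]. Empty strings, whitespace, hex, "nan",
 * "inf" and any trailing text are rejected. */
int is_sql_numeric(const char *s)
{
    if (s == NULL) return 0;
    if (*s == '-') s++;
    if (!isdigit((unsigned char)*s)) return 0;      /* need an integer part */
    while (isdigit((unsigned char)*s)) s++;
    if (*s == '.') {
        s++;
        if (!isdigit((unsigned char)*s)) return 0;  /* "1." is rejected */
        while (isdigit((unsigned char)*s)) s++;
    }
    if (*s == 'e' || *s == 'E') {
        s++;
        if (*s == '+' || *s == '-') s++;
        if (!isdigit((unsigned char)*s)) return 0;
        while (isdigit((unsigned char)*s)) s++;
    }
    return *s == '\0';                  /* nothing may follow the literal */
}

/* Hypothetical helper: build the page's INSERT with an unquoted numeric value.
 * escaped_text is assumed to be escaped already; it is placed inside quotes.
 * Returns 0 on success, -1 if the number is rejected or the buffer is too small. */
int build_insert(char *out, size_t outlen, const char *floatval,
                 const char *escaped_text)
{
    int n;

    if (!is_sql_numeric(floatval)) return -1;
    n = snprintf(out, outlen,
                 "INSERT INTO table (floatval,string) VALUES (%s,'%s')",
                 floatval, escaped_text);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char sql[128];
    /* Constructed sample inputs: one valid number, one that is not a number. */
    if (build_insert(sql, sizeof sql, "-3.14", "some text") == 0) puts(sql);
    if (build_insert(sql, sizeof sql, "1 OR 1=1", "some text") != 0) puts("rejected");
    return 0;
}
```

The validator is deliberately stricter than most SQL parsers (no leading `+`, no `.5`, no `5.`), so anything it accepts is a literal every server reads the same way.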
 
  
  
 
----
 
 
Back to [[OpenDBX|Overview]]
 

Revision as of 21:37, 3 September 2006


Alias for tables and columns

Don't use the keyword "AS" between name and alias as no DBMS requires it and some don't recognize it. Instead, always write

SELECT * FROM table t WHERE t.id = 0



Back to Overview