Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Selecting everything in a table... with a where statement

I have an interesting situation where I'm trying to select everything in a sql server table but I only have to access the table through an old company API instead of SQL. This API asks for a table name, a field name, and a value. It then plugs it in rather straightforward in this way:

select * from [TABLE_NAME_VAR] where [FIELD_NAME_VAR] = 'VALUE_VAR';

I'm not able to change the = sign to != or anything else, only those vars. I know this sounds awful, but I cannot change the API without going through a lot of hoops and it's all I have to work with.

There are multiple columns in this table that are all numbers, all strings, and set to not null. Is there a value I can pass this API function that would return everything in the table? Perhaps a constant or special value that means it's a number, it's not a number, it's a string, *, it's not null, etc? Any ideas?

like image 409
dallin Avatar asked Dec 20 '22 01:12

dallin


1 Answers

No this isn't possible if the API is constructed correctly.

If this is some home grown thing it may not be, however. You could try entering YourTable]-- as the value for TABLE_NAME_VAR such that when plugged into the query it ends up as

select * from [YourTable]--] where [FIELD_NAME_VAR] = 'VALUE_VAR';

If the ] is either rejected or properly escaped (by doubling it up) this won't work however.

like image 158
Martin Smith Avatar answered Dec 22 '22 15:12

Martin Smith