Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SQL In Clause with Zero to Many Parameters

Tags:

sql

mysql

I have a SQL query which is parameterized by a very limited in-house framework. The query looks like this:

Select * from somewhere
where name IN (:parameter);

The code will inject zero to many strings into the location specified by :parameter. The ":parameter" flag can only be used within the "IN" clause (so it can't be moved after the where clause to conditionally insert the 'name IN') section.

Sometimes the user will set parameter to:

'dog', 'cat'

Other times, the user will not put any values into the :parameter variable. This causes a problem since the resulting SQL query will be:

Select * from somewhere
where name IN ();

My code can catch the case where parameter is empty, but I need something which I can inject into the IN statement which is guaranteed to NEVER match an actual string.

Is there any SQL regular expression which I could inject which would NEVER match any string? Something like %.% or something....

Thanks!

like image 933
David Avatar asked Sep 14 '10 14:09

David

People also ask

How many values can be passed in in clause in SQL?

Answer: Oracle allows up to 1,000 IN list values in a SQL statement.

Can WHERE clause have multiple values?

The IN operator allows you to specify multiple values in a WHERE clause. The IN operator is a shorthand for multiple OR conditions.

How many values can be passed in in clause in MySQL?

The number of values in the IN Caluse can vary anywhere from 0 to thousands.

2 Answers

You can say:

where name in (null)

This will never match, since nothing is equal to null (not even null itself.)

like image 156
Andomar Avatar answered Sep 21 '22 10:09

Andomar

null should not match with anything.

like image 41
gpeche Avatar answered Sep 25 '22 10:09

gpeche
Sign in to Comment

Related questions

Using Postgres JSON Functions on table columns
unable to select top 10 records per group in sparksql
PostgreSql: select only weekends
Create database in Knex migration
Cannot connect to a local mysql db with sqlalchemy on windows machine
Determine Rank based on Multiple Columns in MySQL
SQL Order By: Specific Value First, then Ordering?
SQL Server - Dirty Reads Pros & Cons
C# - SQLClient - Simplest INSERT
PHP: multiple SQL queries in one mysql_query statement
List of source members in a file with SQL
AutoIncrement fields on databases without autoincrement field
SQL not equals & null
Log changes to database table with trigger
How to make comment reply query in MYSQL?
Is it OK to nest database views?
When should I create database indexes? [duplicate]
django - guide to ORM for SQL users?
Mysql: how to select groups having certain values?
SQL Server Full-Text-Search FREETEXTTABLE search multiple columns

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!