How do I perform an IF…THEN in an SQL SELECT statement? For example: Answer The CASE statement is the closest to IF in SQL and is supported on all versions of SQL Server. You only need to use the CAST operator if you want the result as a Boolean value. If you are happy with an int, this works: CASE
How can I prevent SQL injection in PHP?
If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST[‘user_input’]; …
What are the use cases for selecting CHAR over VARCHAR in SQL?
I realize that CHAR is recommended if all my values are fixed-width. But, so what? Why not just pick VARCHAR for all text fields just to be safe. Answer The general rule is to pick CHAR if all rows will have close to the same length. Pick VARCHAR (or NVARCHAR) when the length varies significantly. CHAR may also be a
performing datetime related operations in PHP
How do you actually perform datetime operations such as adding date, finding difference, find out how many days excluding weekends in an interval? I personally started to pass some of these operations …
How do I (or can I) SELECT DISTINCT on multiple columns?
I need to retrieve all rows from a table where 2 columns combined are all different. So I want all the sales that do not have any other sales that happened on the same day for the same price. The …
Is there a standard approach to generating sql dynamically?
I want to ask how other programmers are producing Dynamic SQL strings for execution as the CommandText of a SQLCommand object. I am producing parameterized queries containing user-generated WHERE …
How can you handle an IN sub-query with LINQ to SQL?
I’m a bit stuck on this. Basically I want to do something like the following SQL query in LINQ to SQL: Any help would be gratefully received. Answer Have a look at this article. Basically, if you want to get the equivalent of IN, you need to construct an inner query first, and then use the Contains() method. Here’s my
RegEx to Detect SQL Injection
Is there a Regular Expression that can detect SQL in a string? Does anyone have a sample of something that they have used before to share?
How to concatenate strings of a string field in a PostgreSQL ‘group by’ query?
I am looking for a way to concatenate the strings of a field within a group by query. So for example, I have a table: and I wanted to group by company_id to get something like: There is a built-in function in mySQL to do this group_concat Answer PostgreSQL 9.0 or later: Modern Postgres (since 2010) has the string_agg(expression, delimiter)
SQL Server – Best way to get identity of inserted row?
What is the best way to get IDENTITY of inserted row? I know about @@IDENTITY and IDENT_CURRENT and SCOPE_IDENTITY but don’t understand the pros and cons attached to each. Can someone please explain the differences and when I should be using each? Answer @@IDENTITY returns the last identity value generated for any table in the current session, across all scopes.