Page 1 of 2

IN operator

Posted: Tue Jun 14, 2005 2:50 pm
by gzip
Is the IN operator available in Webinator 2.5? If not, is there an easy way to achieve the same effect?

IN operator

Posted: Tue Jun 14, 2005 2:57 pm
by John
The SQL in Webinator 2.5 does understand IN. What are you trying to achieve?

IN operator

Posted: Tue Jun 14, 2005 3:03 pm
by gzip
I want to retrieve several specific records by using the -unique id hash, something like "select Title, Meta, id from html where id IN(78227130186c6924,516a512811223548)". I haven't tried it yet, just making sure it will work.

IN operator

Posted: Tue Jun 14, 2005 4:06 pm
by John
You would need single quotes around the values, but it will work.

IN operator

Posted: Tue Jun 14, 2005 5:47 pm
by gzip
Well I tried it and I get a "garbled time in the function month" error.

IN operator

Posted: Tue Jun 14, 2005 6:33 pm
by gzip
Ok, I've done a bit more troubleshooting and it looks like the problem has to do with passing a variable through the query string. I'm passing a variable "rid" like so: script?db=db&cmd=list&rid='237841204f4e3428','41122840106a4930'

The script fails with the error above when I try:
<SQL "select Title, Meta, id from html where id IN ($rid)">

But works fine when I hardcode the values:
<SQL "select Title, Meta, id from html where id IN ('237841204f4e3428','41122840106a4930')">

The $rid variable looks fine when I output it, so what am I doing wrong?

IN operator

Posted: Tue Jun 14, 2005 8:59 pm
by John
An inline variable can only represent a single value, and would not need the single quotes. If you write the query as:

<SQL "select Title, Meta, id from html where id IN (" $rid ")">

it should work, however you do run the risk of SQL injection, and so should validate the value of $rid.

IN operator

Posted: Wed Jun 15, 2005 12:14 pm
by gzip
Unfortunately that breaks the whole script. I'm guessing it's the nested double quotes. I tried variations using single quotes but no luck. Note taken on the SQL injection. Any other ideas? Would something like the following work?

script?rid=237841204f4e3428,41122840106a4930
<split "," $rid></split>
<SQL "select Title, Meta, id from html where id IN ($ret)">

IN operator

Posted: Thu Jun 16, 2005 11:45 am
by gzip
?

IN operator

Posted: Thu Jun 16, 2005 12:06 pm
by John
No, the above wouldn't work. What is the error you were getting with the $rid as a separate component? That should work.