Closed qissue-bot closed 5 years ago
Original Redmine Comment Author Name: Giovanni Manghi (Giovanni Manghi) Original Date: 2010-02-02T03:09:06.000Z
Did you tried adding the wildcards?
Original Redmine Comment Author Name: GuZzO - (GuZzO -) Original Date: 2010-02-02T03:24:59.000Z
I tried adding % and * before and/or after the word I searched but nothing changes.... I only got results when i search the exact word (including capitals letters)
I use [[PostGIS]] as vectors provider.
Original Redmine Comment Author Name: marisn - (marisn -) Original Date: 2010-02-21T07:24:38.000Z
Unfortunately "Quick search" is not an "find" anymore. Wildcards are not accepted, unescaped SQL also gives errors. I.e. try to find "ab'c" ->
syntax error, unexpected Unknown_CHARACTER, expecting $end
Also it allows to inject SQL. I.e. select all records:
text' or 1=1 or COLUMN like 'text
Tested on QGIS trunk r12951M with Shapefile (DBF).
Original Redmine Comment Author Name: Martin Dobias (Martin Dobias) Original Date: 2010-03-28T01:18:44.000Z
Fixed in commit:c39ef3de (SVN r13180) (and escaping quotes in )
Author Name: GuZzO - (GuZzO -) Original Redmine Issue: 2407, https://issues.qgis.org/issues/2407
Original Assignee: nobody -
When i start a search within attribute tables with Mimas (1.0.3), searches return results as if it was a SQL request -> SELECT * FROM table WHERE column like '%word_to_search%'
When i start a search within attribute tables with Enceladus (1.0.4), searches return results as if it was an exact match SQL request -> SELECT * FROM table WHERE column = 'word_to_search'
I don't know if it's referenced as bug but I prefer the previous behaviour. The new one is too rigid...