Home/ Questions/Q 518749
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T07:58:08+00:00

I’m working in a database on vb.net with sqlite which hosts a gallery and

  • 0

I’m working in a database on vb.net with sqlite which hosts a gallery and I want expand the search properities.

This the actual query string:

"SELECT images.*
FROM images 
JOIN nodes 
ON images.id = nodes.image_id 
WHERE tag_id = (SELECT tags.id 
                FROM tags 
                WHERE tag = '" & tagname & "') 
ORDER BY images." & sort & " " & order & ""

But it only can search for only one descriptive tag (tagname) and sort the images and nothing more.

I want to filter the results also for image ext (table = images.ext) or one or more parameter…for example:

If the user search "cars ext:jpg width>500" the the database returns all images which has the tag "cars", has the extension jpg and are bigger than 500 px width.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First of all, if that input is coming in from the user, don’t concatenate strings like that, because it’s succeptible to SQL Injection

    Using SQL Parameters is a way to avoid the injection:

    command.CommandText = "SELECT images.* " &_
                      "FROM images " &_
                      "JOIN nodes " &_
                      "ON images.id = nodes.image_id " &_
                      "WHERE tag_id = (SELECT tags.id " &_
                                      "FROM tags " &_
                                      "WHERE tag = @tag)"

    You can extend this to:

    command.CommandText = "SELECT images.* " &_
                      "FROM images " &_
                      "JOIN nodes " &_
                      "ON images.id = nodes.image_id " &_
                      "WHERE tag_id = (SELECT tags.id " &_
                                      "FROM tags " &_
                                      "WHERE tag = @tag)"

command.Parameters.AddWithValue("@tag", searchTag)


If Not String.IsNullOrEmpty(searchExt) Then
    command.CommandText = command.CommandText & " AND images.ext = @imageExt"
    command.Parameters.AddWithValue("@imageExt", searchExt)
EndIf

If Not String.IsNullOrEmpty(searchWidth) Then
    command.CommandText = command.CommandText & " AND images.width > @imageWidth"
    command.Parameters.AddWithValue("@imageWidth", searchWidth)
EndIf
    • 0