Suppose I have an employees table in Postgres DB where I have to insert a value for an employee name which is john's
Since it's Postgres I will escape the single quote ' by doubling them up -> ''
So john's will become john''s
Now when I select that particular row/instance using select query I have to double the quote again. So to select the value john''s I have to write 'john''''s' and my query becomes -
select * from employees where name = 'john''''s'
Is this the best approach? or
Is there any alternative to this process of data insertion and selection for these particular type of data (contains quote)? Any suggestion ?
No you don't have to double the escaped quotes:
select *
from employees
where name = 'john''s'
Related
I want to select rows based on a column value. I know for a fact the column value exists. The first query returns 100 rows from the listing table. The second query, which looks for listings.OriginatingSystemName = 'mfrmls` returns nothing. Why?
(Removing the quotes or using double quotes does not work).
I am using pgAdmin4 to run these queries.
first query:
select * from listing limit 100;
second query:
select * from listing where 'listing.OriginatingSystemName' = 'mfrmls'
This produces a 'column does not exist' error:
select * from listing where OriginatingSystemName = 'mfrmls'
The correct syntax is to just write the column name in your WHERE statement:
SELECT * FROM listings WHERE "OriginatingSystemName" = 'mfrmls';
To elaborate further:
What your original query is doing is selecting every row in the listings table where the text string 'listings.OriginatingSystemName' is equal to this other text string 'mfrmls'. It is not actually grabbing the value from the column you want. No row in the table satisfies your where statement because your where statement is always false. Therefore, no rows are returned but the query was a success.
We need to implement the double quotes when dealing with case-sensitive identifiers. Here is some helpful documentation.
I know this is very bad naming practice, but I am not the owner of the table...
I need to run :
SELECT COL_"NAME"
FROM TABLE
where COL_"NAME" is the name of the column, containing double quotes.
I tried :
SELECT COL_""NAME""
FROM TABLE
SELECT COL_\"NAME\"
FROM TABLE
But nothing works
Identifier Requirements:
To use the double quote character inside a quoted identifier, use two quotes.
To access column: COL_"NAME"
SELECT "COL_""NAME"""
FROM TABLE;
I have a Crystal Report that has a SQL query, that is passed a alphanumeric number like 9760750B1CC37.
My query is like
Select * from emp where emp_desc = {Parameter}
Now my issue here is emp_desc is a nchar field and when I pass the 9760750B1CC37 without '' query returns no records but I can't pass the value as '9760750B1CC37' from crystal reports.
How can I convert the input 9760750B1CC37 to '9760750B1CC37' in query where clause?
My input is 9760750B1CC37 when it comes to query it should be
Select * from emp where emp_desc = '9760750B1CC37'
Not sure how to do it, either to concatenate the single quotes.
Since your parameter is a string, you need to enclose references to it within the Command inside single quotes.
so just try instead of {Parameter} => '{Parameter}'
so your sql will looks like:
Select * from emp where emp_desc = '{Parameter}'
Is it possible to check if a row contains a string without conisdering spaces?
Suppose I have a table like the one above. I want to know if the query column contains a string that may have different consecutive number of space than the one stored or vice versa?
For example: the first row's query is select id, username from postgresql, and the one I want to know if stored in the table is:
select id, username
from postgresql
That is to say the one that I want to know if exists in the table is indented differently and hence has different number of space.
You can use REGEXP_REPLACE; this will likely be very slow on large data set.
SELECT * from table
where REGEXP_REPLACE('select id, username from postgresql ', '\s+$', '') = REGEXP_REPLACE(query, '\s+$', '')
I think you would phrase this as:
where $str ~ replace('select id, username from postgresql', ' ', '[\s]+')
Note: This assumes that your string does not have other regular expression special characters.
We need to store a select statement in a table
select * from table where col = 'col'
But the single quotes messes the insert statement up.
Is it possible to do this somehow?
From Oracle 10G on there is an alternative to doubling up the single quotes:
insert into mytable (mycol) values (q'"select * from table where col = 'col'"');
I used a double-quote character ("), but you can specify a different one e.g.:
insert into mytable (mycol) values (q'#select * from table where col = 'col'#');
The syntax of the literal is:
q'<special character><your string><special character>'
It isn't obviously more readable in a small example like this, but it pays off with large quantities of text e.g.
insert into mytable (mycol) values (
q'"select empno, ename, 'Hello' message
from emp
where job = 'Manager'
and name like 'K%'"'
);
How are you performing the insert? If you are using any sort of provider on the front end, then it should format the string for you so that quotes aren't an issue.
Basically, create a parameterized query and assign the value of the SQL statement to the parameter class instance, and let the db layer take care of it for you.
you can either use two quotes '' to represent a single quote ' or (with 10g+) you can also use a new notation:
SQL> select ' ''foo'' ' txt from dual;
TXT
-------
'foo'
SQL> select q'$ 'bar' $' txt from dual;
TXT
-------
'bar'
If you are using a programming language such as JAVA or C#, you can use prepared (parametrized) statements to put your values in and retrieve them.
If you are in SQLPlus you can escape the apostrophe like this:
insert into my_sql_table (sql_command)
values ('select * from table where col = ''col''');
Single quotes are escaped by duplicating them:
INSERT INTO foo (sql) VALUES ('select * from table where col = ''col''')
However, most database libraries provide bind parameters so you don't need to care about these details:
INSERT INTO foo (sql) VALUES (:sql)
... and then you assign a value to :sql.
Don't store SQL statements in a database!!
Store SQL Views in a database. Put them in a schema if you have to make them cleaner. There is nothing good that will happen ever if you store SQL Statements in a database, short of logging this is categorically a bad idea.
Also if you're using 10g, and you must do this: do it right! Per the FAQ
Use the 10g Quoting mechanism:
Syntax
q'[QUOTE_CHAR]Text[QUOTE_CHAR]'
Make sure that the QUOTE_CHAR doesnt exist in the text.
SELECT q'{This is Orafaq's 'quoted' text field}' FROM DUAL;