What is the PostgreSQL equivalent of Oracle `like lower(q'$%string%$')` - sql

I am migrating one project from Oracle 11 to PG 12 and have the following Oracle code:
"... like lower(q'$%" +string + "%$') .... "
Could anyone say the exact equivalent of this code in PostgreSQL?

This uses Oracle's alternative quoting mechanism -- which seems unnecessary. I think this is equivalent:
like lower('%" + string + "%')
That said, you should be passing string in as a parameter rather than munging the query string. That is regardless of database.
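The parameter-passing approach recommended in the answer, as an added example that is not code from the original post: the `%` wildcards are attached to the bound value rather than to the SQL text, and LIKE metacharacters in the user's string are escaped so they match literally. It uses Python's built-in sqlite3 so it runs offline; the table `items`, the function names and the sample rows are constructed for illustration, and with a PostgreSQL driver the statement keeps the same shape with that driver's placeholder syntax.

```python
import sqlite3


def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters so the term is matched literally."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search(conn, term):
    """Case-insensitive 'contains' search; the whole pattern is a bind value."""
    pattern = "%" + escape_like(term.lower()) + "%"
    rows = conn.execute(
        "SELECT name FROM items WHERE lower(name) LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,),
    )
    return [r[0] for r in rows]


def make_db():
    """Constructed sample data (hypothetical table, not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?)",
        [("O'Keefe",), ("50% off",), ("500 off",),
         ("Betty & Kate",), ("a_b",), ("axb",)],
    )
    return conn
```

Without `escape_like`, a search term of `50%` would also match `500 off`, and `a_b` would also match `axb`.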

Related

SQL error using a wild card from a database

Basically trying to use a wildcard SQL to select any fields that hold the data from txtclass in the homework column of the database. But for some reason what I have done is causing an error. (I am using VB.net)
The standard wildcard character is the % not the *. It seems that you have taken this query directly from the designer of MS-Access (and perhaps the * is supported by this database system also from ADO.NET).
However there is a bigger problem
The wildcard should be part of the string to match against the LIKE not outside the single quotes
... LIKE '%" + txtclass.Text + "'))";
That said, you should start immediately to use a parameterized query instead of string concatenation if you want to avoid SQL injection and parsing problems
Use like=* '%txtClass.text%' instead of like=' &txtClass.text&'
Try your SQL statement as:
SELECT tblQuiz.QuizID, tblQuiz.Classhomework FROM tblQuiz WHERE
tblQuiz.Classhomework LIKE '%' + pupilclass + '%';

Talend: Query Database with Strings/Parameters already defined

How can I perform a Query to my Database (using tOracleInput), like a Select, and use Strings that are already defined as parameters in other components, for example in a 'tFlowToIterate' ?
For example: "SELECT * from TABLE_X where FIELD_X= ? ;"
My '?' is the variable that comes from my tFlowToIterate component (foo). I already tried with (String)globalMap.get("foo"), and other similar forms...
Thanks
[Talend Open Studio for Data Integration v5.3.1; DB: Oracle]
You answered by yourself. tOracleInput component accepts the query as parameter. This is a very boring java String, no more, no less. This means that if you want to use a globalMap element inside a query, you just need to do a java String concatenation. Something like that:
"SELECT * from TABLE_X where FIELD_X='" + (String)globalMap.get("foo") + "'"
but this won't work (look carefully at the quotes):
"SELECT * from TABLE_X where FIELD_X='(String)globalMap.get("foo")'"
Keep in mind that if you write a query using string concatenation and external vars, the query editor is probably going to mess up all the quotes, generating a broken query.
As general advice, I never suggest using the "*" operator inside a database input component like tOracleInput. Talend has a fixed-scheme structure that is generated at compile time. This means that if one day you add a column to TABLE_X, your ETL is going to fail.
A more robust solution is the following:
Write down your query with the * operator
Click "Guess Schema" to retrieve the table schema and put in your component metadata
Now click "Guess Query" to explicitly rewrite your SELECT
Fix the query (ie. WHERE conditions,...) if needed
You just need to concatenate it with your variable.
So in your case it would look like:
"SELECT *
FROM TABLE_X
WHERE FIELD_X = '" + (String)globalMap.get("foo") + "'"

what is the difference between SUBSTRING and SUBSTR functions (SQL)?

Before I used:
entityManagerFactory.createQuery("select p FROM Pays p where SUBSTRING(p.libeleClient, 0,1)
but when I use this query :
entityManagerFactory.createQuery("select p FROM Pays p where SUBSTR(p.libeleClient, 0,1)
I get an exception :(
How to replace SUBSTRING by SUBSTR?
SUBSTR is the function from Oracle
SUBSTRING is the function from MySQL
It depends on which DB you are using
EDIT:
Try to edit your Java code like below
String query = "select p FROM Pays p where SUBSTRING(p.libeleClient, 0,1)";
// from Connection Object (connection)
DatabaseMetaData meta = connection.getMetaData();
// If the DB is Oracle
if (meta.getDatabaseProductName().contains("Oracle")) {
    entityManagerFactory.createQuery(query.replace("SUBSTRING", "SUBSTR"));
} // If the DB is not Oracle, any other like MySQL
else {
    entityManagerFactory.createQuery(query);
}
substring is the SQL operation defined in the SQL standard ISO/IEC 9075:1992.
substr is an old syntax used by Oracle. This wrong syntax is completely inconsistent with SQL usage of real English words, never abbreviations.
Oracle still does not support the standard syntax.
Did anyone write a hack in Oracle to support the standard syntax?
You don't say what exception you get, but I'm guessing it's a syntax error. The correct syntax for Oracle's SUBSTR() is ...
where SUBSTR(p.libeleClient, 0,1) = 'X'
...(or whatever). That is, the first occurrence of a single character must equal some specified value. SUBSTR() is not a boolean function.
Whereas SUBSTRING() is not an Oracle function at all. Either you've borrowed the syntax from some other database, or you're using a bespoke function without realising it.
"I tried your suggestion but it does not work"
Do you get an error? Or do you mean it doesn't return any records? Because I have given a perfectly valid usage, as defined in the documentation. But you haven't given any examples of your data, so it's almost impossible for me to provide a solution which will return rows from your database.

Ampersand in sqlite query

How to construct sqlite query containing ampersand in filter:
SELECT id FROM mediainfo WHERE album="Betty & Kate";
I use sqlite C interface (sqlite3_bind_text() and ? marks while query building) but neither C query nor SQLite Administrator return any data
& is not a special character either in C strings or in SQL strings, so I don't think that's the problem. Try the same query from a tool like SQLite Database Browser.

How do I deal with quotes ' in SQL [duplicate]

I have a database with names in it such as John Doe etc. Unfortunately some of these names contain quotes like Keiran O'Keefe. Now when I try and search for such names as follows:
SELECT * FROM PEOPLE WHERE SURNAME='O'Keefe'
I (understandably) get an error.
How do I prevent this error from occurring? I am using Oracle and PLSQL.
The escape character is ', so you would need to replace the quote with two quotes.
For example,
SELECT * FROM PEOPLE WHERE SURNAME='O'Keefe'
becomes
SELECT * FROM PEOPLE WHERE SURNAME='O''Keefe'
That said, it's probably incorrect to do this yourself. Your language may have a function to escape strings for use in SQL, but an even better option is to use parameters. Usually this works as follows.
Your SQL command would be :
SELECT * FROM PEOPLE WHERE SURNAME=?
Then, when you execute it, you pass in "O'Keefe" as a parameter.
Because the SQL is parsed before the parameter value is set, there's no way for the parameter value to alter the structure of the SQL (and it's even a little faster if you want to run the same statement several times with different parameters).
I should also point out that, while your example just causes an error, you open yourself up to a lot of other problems by not escaping strings appropriately. See http://en.wikipedia.org/wiki/SQL_injection for a good starting point or the following classic xkcd comic.
Oracle 10 solution is
SELECT * FROM PEOPLE WHERE SURNAME=q'{O'Keefe}'
Parameterized queries are your friend, as suggested by Matt.
Command = SELECT * FROM PEOPLE WHERE SURNAME=?
They will protect you from headaches involved with
Strings with quotes
Querying using dates
SQL Injection
Use of parameterized SQL has other benefits: it reduces CPU overhead (as well as other resources) in Oracle by reducing the amount of work Oracle requires in order to parse the statement. If you do not use parameters (we call them bind variables in Oracle) then "select * from foo where bar='cat'" and "select * from foo where bar='dog'" are treated as separate statements, whereas "select * from foo where bar=:b1" is the same statement, meaning things like syntax, validity of objects that are referenced etc. do not need to be checked again. There are occasional problems that arise when using bind variables, which usually manifest themselves in not getting the most efficient SQL execution plan, but there are workarounds for this and these problems really depend on the predicates you are using, indexing and data skew.
Input filtering is usually done on the language level rather than database layers.
PHP and .NET both have their respective libraries for escaping SQL statements. Check your language, see what's available.
If your data are trustable, then you can just do a string replace to add another ' in front of the ' to escape it. Usually that is enough if there aren't any risks that the input is malicious.
I suppose a good question is what language are you using?
In PHP you would do: SELECT * FROM PEOPLE WHERE SURNAME='mysql_escape_string(O'Keefe)'
But since you didn't specify the language I will suggest that you look into an escape string function, MySQL or otherwise, in your language.
To deal with quotes if you're using Zend Framework, here is the code
$db = Zend_Db_Table_Abstract::getDefaultAdapter();
$db->quoteInto('your_query_here = ?','your_value_here');
For example:
//SELECT * FROM PEOPLE WHERE SURNAME='O'Keefe' will become
SELECT * FROM PEOPLE WHERE SURNAME='\'O\'Keefe\''
Found in under 30s on Google...
Oracle SQL FAQ
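The three ways of handling the quote that the answers in this thread discuss, side by side, as an added example that is not code from any of the answers: pasting the value into the SQL text, doubling the quote by hand, and binding the value as a parameter. It uses Python's built-in sqlite3 so it runs offline; the `people` table, the function names and the input values are constructed for illustration.

```python
import sqlite3


def make_people():
    """Constructed sample data (hypothetical table, not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (surname TEXT)")
    conn.executemany("INSERT INTO people VALUES (?)",
                     [("Doe",), ("O'Keefe",), ("Smith",)])
    return conn


def find_concat(conn, surname):
    """Before: the value becomes part of the SQL text."""
    sql = "SELECT surname FROM people WHERE surname='" + surname + "'"
    try:
        return sorted(r[0] for r in conn.execute(sql))
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)


def find_doubled(conn, surname):
    """Manual escaping: every ' in the value is doubled before pasting."""
    sql = ("SELECT surname FROM people WHERE surname='"
           + surname.replace("'", "''") + "'")
    return sorted(r[0] for r in conn.execute(sql))


def find_bound(conn, surname):
    """After: the SQL text is fixed and the value is sent separately."""
    rows = conn.execute(
        "SELECT surname FROM people WHERE surname = ?", (surname,))
    return sorted(r[0] for r in rows)
```

With the concatenated form, a value containing a quote either breaks the statement or changes its WHERE clause; with the bound form the same value is only ever compared against the column.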