Append single quotes at starting and ending of the alphanumeric in Oracle - sql

I have a Crystal Report that has a SQL query, that is passed a alphanumeric number like 9760750B1CC37.
My query is like
Select * from emp where emp_desc = {Parameter}
Now my issue here is emp_desc is a nchar field and when I pass the 9760750B1CC37 without '' query returns no records but I can't pass the value as '9760750B1CC37' from crystal reports.
How can I convert the input 9760750B1CC37 to '9760750B1CC37' in query where clause?
My input is 9760750B1CC37 when it comes to query it should be
Select * from emp where emp_desc = '9760750B1CC37'
Not sure how to do it, either to concatenate the single quotes.

Since your parameter is a string, you need to enclose references to it within the Command inside single quotes.
so just try instead of {Parameter} => '{Parameter}'
so your sql will looks like:
Select * from emp where emp_desc = '{Parameter}'

Related

PostgreSQL where clause condition check with value that contains single quote

Suppose I have an employees table in Postgres DB where I have to insert a value for an employee name which is john's
Since it's Postgres I will escape the single quote ' by doubling them up -> ''
So john's will become john''s
Now when I select that particular row/instance using select query I have to double the quote again. So to select the value john''s I have to write 'john''''s' and my query becomes -
select * from employees where name = 'john''''s'
Is this the best approach? or
Is there any alternative to this process of data insertion and selection for these particular type of data (contains quote)? Any suggestion ?
No you don't have to double the escaped quotes:
select *
from employees
where name = 'john''s'

How to select column name "startwith" in proc sql query in SAS

I am looking a way to select all columns name that "startwith" a specific character. My data contains the same column name multiple time with a digit number at the end and I want the code to always select all the columns regardless the last digit numbers.
For example, if I have 3 kinds of apple in my column names, the dataset will contains the column: "apple_1", "apple_2" and "apple_3". Therefore, I want to select all columns that startwith "apple_" in a proc sql statement.
Thanks you
In regular SAS code you can use : as a wildcard to create a variable list. You normally cannot use variable lists in SQL code, but you can use them in dataset options.
proc sql ;
create table want as
select *
from mydata(keep= id apple_: )
;
quit;
Use like:
proc sql;
select t.*
from t
where col like 'apple%';
If you want the _ character as well, you need to use the ESCAPE clause, because _ is a wildcard character for LIKE:
proc sql;
select t.*
from t
where col like 'apple$_%' escape '$';

How to use curly brace escaping for Oracle

According to this link, I should be able to use curly braces to escape an entire variable string. My understanding is that Oracle (10g or later -- I've been told we use 11g) should treat this (sanitized) SQL query:
SELECT * FROM customer WHERE name = 'Sam'
the same as it treats this one:
SELECT * FROM customer WHERE name = '{Sam}'
I tried it as a sanity check before trying strings that would actually need escaping, and it didn't work. The top query returns data, but the bottom doesn't. Am I doing something wrong?
SELECT * FROM customer WHERE name = q'{Sam}'

How can I store sql statements in an oracle table?

We need to store a select statement in a table
select * from table where col = 'col'
But the single quotes messes the insert statement up.
Is it possible to do this somehow?
From Oracle 10G on there is an alternative to doubling up the single quotes:
insert into mytable (mycol) values (q'"select * from table where col = 'col'"');
I used a double-quote character ("), but you can specify a different one e.g.:
insert into mytable (mycol) values (q'#select * from table where col = 'col'#');
The syntax of the literal is:
q'<special character><your string><special character>'
It isn't obviously more readable in a small example like this, but it pays off with large quantities of text e.g.
insert into mytable (mycol) values (
q'"select empno, ename, 'Hello' message
from emp
where job = 'Manager'
and name like 'K%'"'
);
How are you performing the insert? If you are using any sort of provider on the front end, then it should format the string for you so that quotes aren't an issue.
Basically, create a parameterized query and assign the value of the SQL statement to the parameter class instance, and let the db layer take care of it for you.
you can either use two quotes '' to represent a single quote ' or (with 10g+) you can also use a new notation:
SQL> select ' ''foo'' ' txt from dual;
TXT
-------
'foo'
SQL> select q'$ 'bar' $' txt from dual;
TXT
-------
'bar'
If you are using a programming language such as JAVA or C#, you can use prepared (parametrized) statements to put your values in and retrieve them.
If you are in SQLPlus you can escape the apostrophe like this:
insert into my_sql_table (sql_command)
values ('select * from table where col = ''col''');
Single quotes are escaped by duplicating them:
INSERT INTO foo (sql) VALUES ('select * from table where col = ''col''')
However, most database libraries provide bind parameters so you don't need to care about these details:
INSERT INTO foo (sql) VALUES (:sql)
... and then you assign a value to :sql.
Don't store SQL statements in a database!!
Store SQL Views in a database. Put them in a schema if you have to make them cleaner. There is nothing good that will happen ever if you store SQL Statements in a database, short of logging this is categorically a bad idea.
Also if you're using 10g, and you must do this: do it right! Per the FAQ
Use the 10g Quoting mechanism:
Syntax
q'[QUOTE_CHAR]Text[QUOTE_CHAR]'
Make sure that the QUOTE_CHAR doesnt exist in the text.
SELECT q'{This is Orafaq's 'quoted' text field}' FROM DUAL;

CONTAINSTABLE and CONTAINS, which string to pass to match all records?

We have a Single Statement FUNCTION in SQL Server 2005 which uses CONTAINSTABLE().
All works fine when we pass a non empty search string. Is there a wildcard string we can pass to CONTAINSTABLE() so that it matches all records in a table.
Kind regards,
You have to use logic within the stored procedure to run a SQL statement without the CONTAINSTABLE predicate if there isn't a full text phrase to search by.
I don't think there is, you'd have to do something like (psuedocode)
IF #searchterm='*'
SELECT * FROM YOURTTABLE
ELSE
SELECT * FROM YOURTABLE INNER JOIN CONTAINSTABLE etc
END IF