Using SQL escape characters in Powerbuilder inline SQL - sql

I am trying to replace single quote characters in an inline SQL statement.
In SSMS:
SELECT REPLACE('test''test', '''', '')
Result: testtest
In Powerbuilder:
SELECT REPLACE(fieldname, '''', '')
INTO :ls_string
FROM tablename;
Result: 'Incorrect syntax near ''.
Basically, Powerbuilder complains about syntax because it doesn't know what to do with SQL's escape character. If I use Powerbuilder's escape character instead ('~'' versus '''' as the second argument for REPLACE), SQL Server complains about open quotes.
Any suggestions are appreciated.

You probably will have to either put the statement in a datawindow object (using the SQL quote escape method) which you use in the application as a datawindow or datastore OR do the SQL in a function or stored proc. If you go the function route you could call it in an embedded SQL statement within Powerscript like your examples.
Something like
SELECT ufReplaceTwoQuotes INTO :ls FROM myTable USING SQLCA;
A third option would be to retrieve your data then do the replace within Powerscript (but then you have to wrestle with escaping the single quote within PowerBuilder).

Related

select using keyword values in SQL

I am trying to do a query in a SQLite database equivalent to this:
SELECT act_unit FROM processes WHERE process='processname'
but using the keyword values, so I can specify the name, which is stored in a variable (I am actually running the query in a Jupyter notebook). I've successfully used the keyword values in insert statements, but I do not know how to do it here. I tried several combinations like this one
SELECT act_unit from processes WHERE process=values,('processname')
but I can't figure out how to do it properly.
From the SQLite documentation: https://www.sqlite.org/lang_keywords.html
It would be SELECT act_unit from processes WHERE process="values",('processname')
If you want to use a keyword as a name, you need to quote it. There are four ways of quoting keywords in SQLite:
'keyword' A keyword in single quotes is a string literal.
"keyword" A keyword in double-quotes is an identifier.
[keyword] A keyword enclosed in square brackets is an identifier. This is not standard SQL. This quoting mechanism is used by MS Access and SQL Server and is included in SQLite for compatibility.
`keyword` A keyword enclosed in grave accents (ASCII code 96) is an identifier. This is not standard SQL. This quoting mechanism is used by MySQL and is included in SQLite for compatibility.

error using XML in sql query

The query is something like
update table set configXML='XML' where...
Here in the XML I have a tag, which contains
Url="javascript:OpenEntityEditor(**'../Entity/EntityEditor.aspx?CNodeID={0}'+','+'resizable=yes,maximize=1'+','+'{0}'**);"
In the above line, the bold area is throwing an error. How do I pass it as it is? Please guide me.
A single quote (') is not allowed in a SQL query more than once, so if there is a requirement to use (') more than once, then just replace (') with 2 single quotes (''). For example:
Url="javascript:OpenEntityEditor(''../Entity/EntityEditor.aspx?CNodeID={0}'',''resizable=yes,maximize=1'',''{0}'');"

Nested sql statement in talend (updated)

I am trying to use nested sql in postgresql tPostgresqlRow_1.
But I receive an error.
The following sql runs okay if I run it in PgAdmin.
But in Talend I receive an error.
I am getting the max date from one table and updating the column in another table.
update "STG_magento_de"."configuration_table"
set created_at=(select MAX(created_at) from "STG_magento_de"."sales_flat_order_test")
where table_name='sales_flat_order_test'
The tPostgresqlRow component expects a Java string containing the SQL statement.
The most likely problem is that you have unescaped quotes in the statement. That works fine in pgAdmin because it is valid. To pass the same statement from Talend, you'll have to escape all the quotes in the statement itself. Alternatively, you could try removing the double quotes from the SQL statement.
Remember to enclose the whole thing in quotes, so that it is a proper Java string.
create or replace function eliminarComillas (text) returns text AS $$
select replace(replace(replace($1,'**\"**','"'),'‘','‘'),'’','’');
$$ language sql;"
Following sql with escape quotes worked.
"update \"STG_magento_de\".\"configuration_table\"
set created_at=(select MAX(created_at) from \"STG_magento_de\".\"sales_flat_order_test\")
where table_name='sales_flat_order_test'"

problems with quotes in SQL Netezza

Inside a procedure I have a variable that contains SQL for example like this:
examplesql:= 'SELECT 'asd';';
Where the SQL itself is enclosed with single '' and a value further inside the SQL is also enclosed with single ''. I tried using double "" marks instead but it didn't work. Any suggestions how to accomplish this in Netezza?
The variable examplesql is later called with EXECUTE IMMEDIATE
This should be the same as (almost) every other DBMS, you need to double the single quotes within the string:
examplesql:= 'SELECT ''O''''Hara'';';

Single Quote Error

When I insert single quote in search box and press search button it gives error like:
[Microsoft][SQL Server Native Client 10.0][SQL Server]Unclosed quotation mark after the character string ' '.
You should be using parameterized queries instead of constructing your SQL by concatenation.
This will avoid SQL Injection attacks as well as resolve any single quote issues.
The quick fix is to escape the ' by doubling it (''), but this would just be a temporary workaround and your code will still be vulnerable.
Parameterize your SQL queries. There are more serious issues than this called SQL Injection.
You need to escape single quotes, like \' as you're using single quotes to surround where-statements, like where i = 'foo', then you need to write where i = '\'' to match a single quote, or like where i = 'it\'s a good day today'
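
Added example (not part of the original posts), covering both the SQLite question above about passing a variable into a SELECT and the parameterized-query advice in the last thread: Python's sqlite3 comparing string concatenation, quote doubling and a bound `?` parameter. The sample rows, the input strings and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE processes (process TEXT, act_unit TEXT)")
    conn.executemany(
        "INSERT INTO processes VALUES (?, ?)",
        [("milling", "kg"), ("O'Hara press", "unit"), ("drying", "MJ")],
    )
    return conn

def lookup_concat(conn, name):
    """Anti-pattern: the value is pasted into the SQL text."""
    sql = "SELECT act_unit FROM processes WHERE process='" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_doubled(conn, name):
    """Stopgap from the answers: double each single quote in the literal."""
    literal = name.replace("'", "''")
    sql = "SELECT act_unit FROM processes WHERE process='" + literal + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, name):
    """Parameterized query: the value travels separately from the SQL text."""
    sql = "SELECT act_unit FROM processes WHERE process = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def concat_outcome(conn, name):
    """Return the rows, or the error class name if the statement fails."""
    try:
        return lookup_concat(conn, name)
    except sqlite3.Error as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for value in ("O'Hara press", "x' OR '1'='1"):  # constructed inputs
        print(repr(value))
        print("  concatenated:", concat_outcome(db, value))
        print("  doubled     :", lookup_doubled(db, value))
        print("  bound       :", lookup_bound(db, value))
```

The doubled-quote variant only holds where `''` is the sole escape inside a string literal; the bound form does not depend on the dialect's quoting rules.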