SQL 'LIKE' clause with apostrophe [duplicate] - sql

This question already has answers here:
How do I search for names with apostrophe in SQL Server?
(9 answers)
Closed 5 years ago.
If I'm trying to search for 'RYAN'S TEAM' in SQL it doesn't like the fact that I have an apostrophe ' in RYAN'S and detects that as the end of the LIKE statement.
[Team] LIKE '%RYAN'S TEAM%'
It recognises the whole next line as red in SQL Server. Is there any way around this, as RYAN'S TEAM is the way it is stored in the database?

This will work:
[Team] LIKE '%RYAN''S TEAM%'
You just have to double the quote chars.
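Doubling the quote works for a literal typed by hand; when the search text comes from a user, binding it as a parameter avoids the quoting problem entirely. This is an added example, not part of the original answer: Python's sqlite3 stands in for SQL Server, and the teams table and the function names are made up for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for SQL Server here.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE teams (Team TEXT)")
    conn.executemany(
        "INSERT INTO teams VALUES (?)",
        [("RYAN'S TEAM",), ("RYANS TEAM",), ("100% TEAM",), ("1000 TEAM",)],
    )
    return conn

def literal_form(conn):
    # The answer's form: the apostrophe is doubled inside the SQL literal.
    sql = "SELECT Team FROM teams WHERE Team LIKE '%RYAN''S TEAM%'"
    return [row[0] for row in conn.execute(sql)]

def escape_like(term, esc="\\"):
    # Make %, _ and the escape character itself match literally in LIKE.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def find_teams(conn, term):
    # The search text is bound as a parameter, so an apostrophe in it is
    # data and never terminates the SQL string.
    pattern = "%" + escape_like(term) + "%"
    sql = "SELECT Team FROM teams WHERE Team LIKE ? ESCAPE '\\' ORDER BY Team"
    return [row[0] for row in conn.execute(sql, (pattern,))]

if __name__ == "__main__":
    db = make_db()
    print(literal_form(db))
    print(find_teams(db, "RYAN'S TEAM"))
    print(find_teams(db, "100%"))
```

On SQL Server, [ also starts a character class in LIKE patterns and would need the same escaping.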

Related

Display ➜ symbol in Microsoft SQL Server [duplicate]

This question already has answers here:
What is the meaning of the prefix N in T-SQL statements and when should I use it?
(4 answers)
Why is sql server storing question mark characters instead of Japanese characters in NVarchar fields?
(8 answers)
Closed 4 months ago.
I have a text in the database with the symbol "➜". When I display it on the web page, I get a "?" instead. Can someone help me?
Best regards

SQL how do I remove trailing spaces? [duplicate]

This question already has answers here:
Empty space at the end of SQL Server query results
(3 answers)
Closed 8 months ago.
I'm currently working in an SQL database where a column has trailing spaces.
The spaces in question show up as %20 in the browser url.
I've been able to remove them with a select query, but whenever I convert it to an update and set query it doesn't seem to work. Any input would be appreciated.
Working select query:
select [dbo].[udf-Str-Strip-Control](identifier)
from [AHDRC].[dbo].[artworks]
Broken update query:
update [AHDRC].[dbo].[artworks]
SET [identifier] = [dbo].[udf-Str-Strip-Control](identifier);
SELECT [identifier]
From [AHDRC].[dbo].[artworks];
I am currently using SQL Server Management Studio.
[identifier] is an nchar(128).
Apologies if anything is unclear / badly formatted.
[identifier] was a nchar(128) causing trailing spaces.

Oracle SQL - Escape ampersand in field name [duplicate]

This question already has answers here:
How to escape ampersand in TOAD?
(3 answers)
Closed 3 years ago.
I've seen a bunch of related posts, but none yet that resolve my specific question.
In Oracle SQL I need to do something like this:
SELECT field1 "Eggs&Cheese"
FROM table1;
But it reads the &Cheese and wants to do parameter substitution. I just want the field name to be Eggs&Cheese
I saw this post Escape ampersand with SQL Server, but Oracle does not like the bracket [] syntax.
And also Escaping ampersand character in SQL string, but that is escaping the ampersand in a value string, not a label string.
The substitution is related to the tool you are using and has nothing to do with column alias.
db<>fiddle demo
Depending on the tool you could disable it like "set define off".
Related: Set define off not working in Oracle SQL Developer & How to escape ampersand in TOAD?
You have to set the escape. Works in Oracle SQL Developer.
set escape \
SELECT field1 "Eggs\&Cheese" FROM table1;
After your work is done you can set it off.
set escape off

Replacing weird control characters from sql server table [duplicate]

This question already has answers here:
SQL Server - Remove all non-printable ASCII characters
(4 answers)
Closed 4 years ago.
I have a SQL Server table where control characters appear when a column is copied and pasted into Notepad. I need to remove/replace these control characters. For example, here is a text I copied from my SQL Server table into Notepad
How do I remove "OSC"? I have searched the net and here but can't find anything on this. Table was imported from SSIS as ANSI (I also tried data conversion in SSIS to convert the column to ASCII, but still to no avail).
"OSC" is CHAR(157). Try using REPLACE(Values, CHAR(157), ''). If it works then you can update in the table. Hope it helps.

Escaping single quote on SQL injection [duplicate]

This question already has answers here:
How can sanitation that escapes single quotes be defeated by SQL injection in SQL Server?
(6 answers)
Closed 3 years ago.
Hello I am going through some SQL injection examples and I have the following scenario:
In this example, aware of the risk of SQL injection, the developer decided to block single quotes ' by removing any single quote ' in the query. However, there is still a way to break out of the SQL syntax and inject arbitrary SQL.
To do so, you need to think of the query:
SELECT * FROM users WHERE username='[username]' and password='[password]'
The problem here is that you cannot, in theory, break out of the single quotes ' since you cannot inject any quote. However, if you inject a back-slash \, the second ' in the query (the one supposed to finish the string [username]) will be escaped and will be closed by the third one (the one supposed to start the string [password]).
Doesn't this mean that if I input a "\" on the username field it will automatically break the query? and look something like
SELECT * FROM users WHERE username='[username] and password=' ..
Am I missing something? Should I provide the backslash in another way?
Ok I have found the answer:
The username should be : \
and password : or 1#
Then the query will look something like this
SELECT * FROM users WHERE username = '\' AND password=' or 1#
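How the quote-stripping filter fails and what replaces it, as an added example that is not part of the original post: scan() is a simplified reader for MySQL's default string rules (an assumption, since the post does not name the database) that returns the string literals and the remaining SQL with each literal shown as ?. sqlite3 stands in for the real database in the parameterized version, and all function names and the sample row are made up for illustration.

```python
import sqlite3

def strip_quotes(value):
    # The filter from the scenario: remove every single quote.
    return value.replace("'", "")

def build_query(username, password):
    # Vulnerable: filtered input is still pasted into the SQL text.
    return ("SELECT * FROM users WHERE username='%s' and password='%s'"
            % (strip_quotes(username), strip_quotes(password)))

def scan(sql):
    """Read one-line SQL in MySQL's default mode: inside '...' a backslash
    escapes the next character; outside a string, # starts a comment."""
    literals, outside, i = [], [], 0
    while i < len(sql) and sql[i] != "#":
        if sql[i] != "'":
            outside.append(sql[i])
            i += 1
            continue
        i, buf = i + 1, []
        while i < len(sql):
            if sql[i] == "\\" and i + 1 < len(sql):
                buf.append(sql[i + 1])      # escaped char (simplified: kept as is)
                i += 2
            elif sql[i:i + 2] == "''":
                buf.append("'")             # doubled quote inside a literal
                i += 2
            elif sql[i] == "'":
                i += 1                      # closing quote
                break
            else:
                buf.append(sql[i])
                i += 1
        literals.append("".join(buf))
        outside.append("?")
    return literals, "".join(outside)

def make_db():
    # Constructed row; plaintext password only to mirror the query above.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'secret')")
    return conn

def login(conn, username, password):
    # Hardened: values are bound as parameters and never parsed as SQL.
    sql = "SELECT 1 FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None
```

With the username and password from the post, scan(build_query(...)) reports one literal, ' and password=, and leaves or 1 as SQL text, which is why the WHERE clause is always true. login() with the same two values returns False because bound values are compared as data.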