SQL Server - what does it mean `N'some string`? [duplicate] - sql

This question already has answers here:
What does N' stands for in a SQL script ? (the one used before characters in insert script)
(7 answers)
Closed 5 years ago.
What does it mean N'some string' in SQL Server. I mean if I can use it to prevent against SQL Injection?
For example:
... LIKE N'%somePattern%'
Is SQL Injection safe ?

The N has nothing to with SQL injection. You need to use it when you use unicode data
From msdn:
Prefix Unicode character string constants with the letter N. Without
the N prefix, the string is converted to the default code page of the
database. This default code page may not recognize certain characters.

It means the string is an nchar as opposed to a char (see What is the difference between char, nchar, varchar, and nvarchar in SQL Server?)
It's purely about the datatype - nothing to do with SQL injection at all.

Related

Select Stored procedure query [duplicate]

This question already has answers here:
SQL Server LIKE containing bracket characters
(3 answers)
Closed 10 months ago.
I am trying to select certain stored procedures within my database.
What I want is all stored procedures that start with Get_ but I cannot get proper results. It seems to ignore the _ for some reason. Running SQL Server 2019 developer version.
Here is my code:
select *
from information_schema.routines
where routine_type = 'PROCEDURE' and specific_name like 'Get_%'
The underscore _ character is a wildcard in SQL Server t-sql. Use LIKE 'Get[_]%' to explictly match an actual underscore in the string.
From the documentation - "[ ] (Wildcard - Character(s) to Match)":
Matches any single character within the specified range or set that is
specified between brackets [ ]. These wildcard characters can be used
in string comparisons that involve pattern matching, such as LIKE and
PATINDEX.

Oracle SQL - Escape ampersand in field name [duplicate]

This question already has answers here:
How to escape ampersand in TOAD?
(3 answers)
Closed 3 years ago.
I've seen a bunch of related posts, but none yet that resolve my specific question.
In Oracle SQL I need to do something like this:
SELECT field1 "Eggs&Cheese"
FROM table1;
But it reads the &Cheese and wants to do parameter substitution. I just want the field name to be Eggs&Cheese
I saw this post Escape ampersand with SQL Server, but Oracle does not like the bracket [] syntax.
And also Escaping ampersand character in SQL string, but that is escaping the ampersand in a value string, not a label string.
The substitution is related to tool you are using and has nothing to do with column alias.
db<>fiddle demo
Depending on the tool you could disable it like "set define off".
Related: Set define off not working in Oracle SQL Developer & How to escape ampersand in TOAD?
You have to set the escape. Works in Oracle SQL Developer.
set escape \
SELECT field1 "Eggs\&Cheese" FROM table1;
After your work is done you can set it off.
set escape off

Difference between N'String' vs U'String' literals in Oracle

What is the meaning and difference between these queries?
SELECT U'String' FROM dual;
and
SELECT N'String' FROM dual;
In this answer i will try to provide informations from official resources
(1) The N'' text Literal
N'' is used to convert a string to NCHAR or NVARCHAR2 datatype
According to this Oracle documentation Oracle - Literals
The syntax of text literals is as follows:
where N or n specifies the literal using the national character set (NCHAR or NVARCHAR2 data).
Also in this second article Oracle - Datatypes
The N'String' is used to convert a string to NCHAR datatype
From the article listed above:
The following example compares the translated_description column of the pm.product_descriptions table with a national character set string:
SELECT translated_description FROM product_descriptions
WHERE translated_name = N'LCD Monitor 11/PM';
(2) The U'' Literal
U'' is used to handle the SQL NCHAR String Literals in Oracle Call Interface (OCI)
Based on this Oracle documentation Programming with Unicode
The Oracle Call Interface (OCI) is the lowest level API that the rest of the client-side database access products use. It provides a flexible way for C/C++ programs to access Unicode data stored in SQL CHAR and NCHAR datatypes. Using OCI, you can programmatically specify the character set (UTF-8, UTF-16, and others) for the data to be inserted or retrieved. It accesses the database through Oracle Net.
OCI is the lowest-level API for accessing a database, so it offers the best possible performance.
Handling SQL NCHAR String Literals in OCI
You can switch it on by setting the environment variable ORA_NCHAR_LITERAL_REPLACE to TRUE. You can also achieve this behavior programmatically by using the OCI_NCHAR_LITERAL_REPLACE_ON and OCI_NCHAR_LITERAL_REPLACE_OFF modes in OCIEnvCreate() and OCIEnvNlsCreate(). So, for example, OCIEnvCreate(OCI_NCHAR_LITERAL_REPLACE_ON) turns on NCHAR literal replacement, while OCIEnvCreate(OCI_NCHAR_LITERAL_REPLACE_OFF) turns it off.
[...] Note that, when the NCHAR literal replacement is turned on, OCIStmtPrepare and OCIStmtPrepare2 will transform N' literals with U' literals in the SQL text and store the resulting SQL text in the statement handle. Thus, if the application uses OCI_ATTR_STATEMENT to retrieve the SQL text from the OCI statement handle, the SQL text will return U' instead of N' as specified in the original text.
(3) Answer for your question
From datatypes perspective, there is not difference between both queries provided
N'string' just returns the string as NCHAR type.
U'string' returns also NCHAR type, however it does additional processing to the string: it replaces \\ with \ and \xxxx with Unicode code point U+xxxx, where xxxx are 4 hexadecimal digits. This is similar to UNISTR('string'), the difference is that the latter returns NVARCHAR2.
U' literals are useful when you want to have a Unicode string independent from encoding and NLS settings.
Example:
select n'\€', u'\\\20ac', n'\\\20ac' from dual;
N'\€' U'\\\20AC' N'\\\20AC'
----- ---------- ----------
\€ \€ \\\20ac
when using N' we denote that given datatype is NCHAR or NVARCHAR.
U' is used to denote unicode
The documented N'' literals are the same as standard character literals ('') except that their data type is NVARCHAR2 and not VARCHAR2. It is important to note that the characters in these literals, together with the entire SQL statement, are converted from the client character set to the database character set when transmitted to the server. All characters from the literals that are not supported by the database character set are lost.
The data type of the undocumented U'' literals is also NVARCHAR2. The content of a U'' literal is interpreted like the input to the SQL UNISTR function. That is, each character sequence \xxxx, where each x is one hex digit, is interpreted as a UTF-16 code point U+xxxx. I am not sure why the U'' literals are undocumented. I can only guess. They are used internally by the NCHAR literal replacement feature, which, when enable on a client, automatically translates N'' literals to U'' literals. This prevents the mentioned data loss due to character set conversion and enables literal Unicode data to be provided for NVARCHAR2 columns even if the database character set is not Unicode.
The two queries in this thread's question are generally not equivalent because the literal text would be interpreted differently. However, if no backslash is present in the literals, no difference can be observed.

Hibernate MSSQL nvarchar Equivalent datatype in oracle [duplicate]

This question already exists:
nvarchar in sql ,oracle and mysql in Hibernate annotation mapping
Closed 8 years ago.
We are developed project using hibernate with sql server. Now we are migrating sql server to oracle.
We have user Nvarchar datatype in mssql server for more than 80 tables. While we are trying to create tables in oracle through hibernate table containing Nvarchar datatype are not getting generated other table are creating successfully.
While we change the column to varchar than also table are getting generated.
How to create UTF-8 datatype in oracle and mssql as a common datatype in hibernate.
Please Help !!!!!!
What is your database character set? Assuming that you create the database setting the database character set to AL32UTF8, VARCHAR2 columns in Oracle would store data in the UTF-8 character set.
If you cannot use a Unicode character set for your database character set, you'd need to use nvarchar2 columns. An nvarchar2 column stores data using the national character set. Unless you've upgraded from an old version of Oracle, your database character set would use the UTF-16 character set, not UTF-8.

How to Check the given string is a reserved keyword in sql server [duplicate]

This question already has answers here:
Check if string is SQL Server Reserved Keywords or not
(3 answers)
Closed 8 years ago.
How to check whether the given string is a reserved keyword in sql server.
I checked a lot in google ,but i didn't find one!!
for eg: If i am giving the input String as 'Order',sql statement should
return whether it is reserved keyword.
Is there any built-in stored procedures or function to do this? Any help would be appreciated.
There is no built-in function to do that.
Here is the list of the known identifiers.
http://technet.microsoft.com/en-us/library/ms189822.aspx
I suggest to put these in an table and use it in a function / stored procedure.