I want to query a database where a column matches a string & this string is having a single quote character '. I am unable to run the following query
SELECT *
from <table>
where <column>='robocopy'w (ithout)backup.pcap';
The reason being that single quotes is used to search the column;
I tried double quotes but no help.
I can by pass this if I add a extra single quote just before the single in a string.
SELECT *
from <table>
where <column>='robocopy''w (ithout)backup.pcap';
But I need a better solution as it is not practical to add a single quote every time,specially if they are long and have many single quotes.
You need to escape your query string before sending it to the database. I can't show you how because you didn't post the code, but if you are running this query directly in the psql console, you can escape the quotes by putting all constraint inside $$ and $$, as cited in the documentation[1]. Example:
SELECT * from <table> where <column> = $$robocopy'w (ithout)backup.pcap$$;
[1] http://www.postgresql.org/docs/current/interactive/sql-syntax-lexical.html#SQL-SYNTAX-DOLLAR-QUOTING
Related
I know this is very bad naming practice, but I am not the owner of the table...
I need to run :
SELECT COL_"NAME"
FROM TABLE
where COL_"NAME" is the name of the column, containing double quotes.
I tried :
SELECT COL_""NAME""
FROM TABLE
SELECT COL_\"NAME\"
FROM TABLE
But nothing works
Identifier Requirements:
To use the double quote character inside a quoted identifier, use two quotes.
To access column: COL_"NAME"
SELECT "COL_""NAME"""
FROM TABLE;
I have a table called project-users and want to write a SQL query like SELECT * FROM project-users I get this error ERROR: syntax error at or near "-".
I cannot change the table name at this point.
According to http://www.postgresql.org/docs/9.0/static/sql-syntax-lexical.html, you should use double quotes.
In your case, for PostgreSQL the query should be:
SELECT * FROM "project-users";
It is good practice to avoid the use of characters that need escaping or that contain spaces in identifiers.
On a SQLite database something I thought was very simple doesn't work at least under my conditions.
I have one column with names and some name contains apostrophe ('), which I want to remove. I know all names which contains an apostrophe, so I am not trying to query for apostrophes. I am doing something much simpler:
UPDATE table SET column_name="name surname1 surname2" WHERE column_name="name surname1'surname2";
which doesn't return what I expect. It doesn't produce an error but it doesn't modify any record.
SQL doesn't like reflexivity?
There should be no issue with querying the current value of a column to update the same column. Try escaping the single-quote by doubling it e.g. ''.
See: http://www.sqlite.org/lang_expr.html which reads:
A string constant is formed by enclosing the string in single quotes
('). A single quote within the string can be encoded by putting two
single quotes in a row - as in Pascal.
Therefore, your update should be:
UPDATE table SET column_name='name surname1 surname2' WHERE column_name='name surname1''surname2'
Update: Added explanation of escape mechanism.
If a field value in the table of SQL Server is like A(B) and if I to write a query
SELECT * FROM MyTable WHERE MyField = 'A(B)'
it is not returning any result. How to handle this situation?
Your query should work fine, if you want to specify a different escape parameter, you can use ESCAPE.
WHERE column LIKE '%A#(B#)%' ESCAPE '#'
Also, if you want to match anything that contains "A(B)", don't forget to surround it by percetages symbols.
What are the various ways to ESCAPE single quotes(') in the SQL LIKE command?
One way is to put two single quotes whenever you have to escape a single quote.
Can you people suggest something?
Databases: SQL Server 2005 and Oracle 10g
You already have the answer. You have to use two single quotes:
select * from table where field like '%''something''%'
Two single quotes is the best solution.
Alternatively, you can use a CHAR(39) to represent a single quote character.
UPDATE Employee SET LastName = 'O' + CHAR(39) + 'Brien'
WHERE ID=1;
The best way is to bind the parameter with ADO or ADO.NET.
Like (example in C# with ADO.NET):
SqlCommand x = new SqlCommand(sqlConnection, #"select * from table where col like '%'+#para1+'%'");
x.parameters.add(new SqlParameter("#para1",sqltype.varchar,100)).value = "this is a' test";
In SQL Server 2005 you escape a single quote (') with a double single quote ('') if you do not want to bind:
select * from table where col like '%this is a'' test%'
If you want to search the value Allen O'Dea following is the query.
SELECT * FROM [TABLE] WHERE [COLUMN] LIKE '%Allen O''Dea%'
This query works perfectly.
There is also the "Q-quote" method:
select * from mytable where text like q'#%Here's some text%#';
This is available since Oracle 10.2.
I used a '#' character as the quote delimiter, but you can use pretty much any character that won't appear in the string (there are a few exceptions, such as the space character).
In a simple example like that above I probably wouldn't do this. I'd just double up the single quotes, but it does come in handy when building large dynamic SQL statements that include lots of string literals.