problems with quotes in SQL Netezza - sql

Inside a procedure I have a variable that contains SQL, for example like this:
examplesql:= 'SELECT 'asd';';
Here the SQL itself is enclosed in single quotes ('') and a value further inside the SQL is also enclosed in single quotes (''). I tried using double quotes ("") instead but it didn't work. Any suggestions on how to accomplish this in Netezza?
The variable examplesql is later called with EXECUTE IMMEDIATE.

This should be the same as in (almost) every other DBMS: you need to double the single quotes within the string (the inner statement here becomes SELECT 'O''Hara';):
examplesql:= 'SELECT ''O''''Hara'';';

Related

Using SQL escape characters in Powerbuilder inline SQL

I am trying to replace single quote characters in an inline SQL statement.
In SSMS:
SELECT REPLACE('test''test', '''', '')
Result: testtest
In Powerbuilder:
SELECT REPLACE(fieldname, '''', '')
INTO :ls_string
FROM tablename;
Result: 'Incorrect syntax near ''.
Basically, Powerbuilder complains about syntax because it doesn't know what to do with SQL's escape character. If I use Powerbuilder's escape character instead ('~'' versus '''' as the second argument for REPLACE), SQL Server complains about open quotes.
Any suggestions are appreciated.
You probably will have to either put the statement in a DataWindow object (using the SQL quote escape method) which you use in the application as a DataWindow or DataStore, OR do the SQL in a function or stored procedure. If you go the function route you could call it in an embedded SQL statement within PowerScript like your examples.
Something like
SELECT ufReplaceTwoQuotes(fieldname) INTO :ls FROM myTable USING SQLCA;
A third option would be to retrieve your data then do the replace within Powerscript (but then you have to wrestle with escaping the single quote within PowerBuilder).

error using XML in sql query

The query is something like
update table set configXML='XML' where...
Here, in the XML, I have a tag which contains
Url="javascript:OpenEntityEditor(**'../Entity/EntityEditor.aspx?CNodeID={0}'+','+'resizable=yes,maximize=1'+','+'{0}'**);"
In the above line, the bold area is throwing an error. How do I pass it as it is? Please guide me.
A single quote (') is not allowed in an SQL query more than once, so if there is a requirement to use (') more than once, just replace (') with two single quotes (''). For example:
Url="javascript:OpenEntityEditor(''../Entity/EntityEditor.aspx?CNodeID={0}'',''resizable=yes,maximize=1'',''{0}'');"

Nested sql statement in talend (updated)

I am trying to use nested SQL in the PostgreSQL component tPostgresqlRow_1.
But I receive an error.
The following SQL runs okay if I run it in pgAdmin.
But in Talend I receive an error.
I am getting the max date from one table and updating the column in another table.
update "STG_magento_de"."configuration_table"
set created_at=(select MAX(created_at) from "STG_magento_de"."sales_flat_order_test")
where table_name='sales_flat_order_test'
The tPostgresqlRow component expects a Java string containing the SQL statement.
The most likely problem is that you have unescaped quotes in the statement. That works fine in pgAdmin because it is valid. To pass the same statement from Talend, you'll have to escape all the quotes in the statement itself. Alternatively, you could try removing the double quotes from the SQL statement.
Remember to enclose the whole thing in quotes, so that it is a proper Java string.
create or replace function eliminarComillas (text) returns text AS $$
select replace(replace(replace($1,'\"','"'),'‘','‘'),'’','’');
$$ language sql;
The following SQL with escaped quotes worked:
"update \"STG_magento_de\".\"configuration_table\"
set created_at=(select MAX(created_at) from \"STG_magento_de\".\"sales_flat_order_test\")
where table_name='sales_flat_order_test'"

Adding a quote character in a Delphi String

I am writing a SQL program in Delphi 7 and came across a problem.
If you add an SQL command you have to use ' to indicate that it is a variable or string, but I want to build up my SQL statement because it is coming from different If statements and thus has to be built up. Therefore, I wanted to know if anyone knows a trick to add a ' into a string.
Don't make the same mistake as many before you: look up parameterized queries, or else you will be open to SQL injection attacks. If you need to include string constants in your query then use two single quotes ('') or the QuotedStr() function from the SysUtils unit.
Try two quotes to represent one i.e. ''

Single Quote Error

When I insert a single quote in the search box and press the search button it gives an error like:
[Microsoft][SQL Server Native Client
10.0][SQL Server]Unclosed quotation mark after the character string ' '.
You should be using parameterized queries instead of constructing your SQL by concatenation.
This will avoid SQL Injection attacks as well as resolve any single quote issues.
The quick fix is to escape the ' by doubling it (''), but this would just be a temporary workaround and your code will still be vulnerable.
Parameterize your SQL queries. There are more serious issues than this called SQL Injection.
You need to escape single quotes, like \'. As you're using single quotes to surround where statements, like where i = 'foo', you need to write where i = '\'' to match a single quote, or like where i = 'it\'s a good day today'.
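As an added example (not code from any of the posts above), covering both the Netezza question at the top and the "Single Quote Error" thread: Python with the standard-library sqlite3 module stands in for Netezza/SQL Server and shows the quote-doubling rule for building dynamic SQL text next to the parameterized query the answers recommend. The table t and its rows are constructed here for the demonstration.

```python
import sqlite3

# Constructed sample data; the apostrophe in "O'Hara" is the case that
# breaks naive string concatenation ("Unclosed quotation mark" style errors).
ROWS = [("O'Hara",), ("asd",), ("it's a good day today",)]


def sql_literal(value: str) -> str:
    """Turn a string into a SQL literal by doubling embedded single quotes.

    This is the rule the answers rely on ('O''Hara'). It is the right tool
    when you must build dynamic SQL *text* (e.g. for EXECUTE IMMEDIATE);
    it is not a substitute for parameters when user input is involved.
    """
    return "'" + value.replace("'", "''") + "'"


def _connect() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (name TEXT)")
    conn.executemany("INSERT INTO t VALUES (?)", ROWS)
    return conn


def search_naive(term: str) -> list:
    """The pattern behind the 'Single Quote Error': concatenating input into SQL."""
    conn = _connect()
    try:
        sql = "SELECT name FROM t WHERE name = '" + term + "'"
        return [r[0] for r in conn.execute(sql)]
    except sqlite3.OperationalError as exc:
        # An apostrophe in `term` leaves the literal unterminated.
        return ["ERROR: " + str(exc)]


def search_doubled(term: str) -> list:
    """Quick fix from the answers: double the quotes. Works, but still string-built."""
    conn = _connect()
    sql = "SELECT name FROM t WHERE name = " + sql_literal(term)
    return [r[0] for r in conn.execute(sql)]


def search_param(term: str) -> list:
    """Recommended fix: the driver carries the value as a bound parameter."""
    conn = _connect()
    return [r[0] for r in conn.execute("SELECT name FROM t WHERE name = ?", (term,))]
```

Run search_naive("O'Hara") to see the parse error the question reports; search_doubled and search_param both return the row.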