I'm using Delphi XE2 and AnyDAC and an MSAccess db.
The table 'timea' has 5 fields:
Rec_No AutoNumber
App text
User_ID text
PW text
Comment memo
This code throws the error below. The query works just fine in Access query designer.
sql := 'INSERT INTO [timea] (App, User_ID, PW, Comment) VALUES ("zoo", "Bill", "mi7", "Liger");';
adconnection1.ExecSQL(sql);
Project PWB.exe raised exception class EMSAccessNativeException with message '[AnyDAC][Phys][ODBC][Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 4.'.
Both SQL and Delphi are using single quotes as string boundaries. Since you want to have singe quote inside the string, you have to "escape" it using doube single quote.
For example, if you write S := 'Guns''N''Roses' the varieble S will contain string Guns'N'Roses - 12 characters, not 14.
Be careful when you are concatenating string values, since they might contain single quotes, too. The recommended way to write the query in this case is, for example:
sql := 'INSERT INTO Table (Col) VALUES (' + QuotedStr(Val) + ')';
Function QuotedStr wll take care and double all single quotes in the string. This is also essential to avoid insertion hacks.
Related
Hi I have a stored procedure which accepts parameter "Q_RES" from java. Its value is either "Y" or "N" . In my stored procedure I have a condition
If Q_RES = 'Y' THEN
sp_stat = 'TABLENAME.RES IN (' || Q_RES || ')';
END IF
nut I get error has ORA-00904: "Y" invalid Identifier
How can I fix this?
In PL/SQL assignment is Pascal style :=', not=`. Aside from that, I don't see any problem with the string concatenation shown here.
I suspect that sp_stat is being used later, in composing dynamic SQL. I would take a close look at the SQL being generated. It's probably goign to look like this:
... TABLENAME.RES IN (Y) ...
And if that is interpreted as SQL text, Oracle is going to see that bareword Y as an identifier, such as a column name, and attempt to resolve that. (If a table referenced in the query has a column named Y, the query wouldn't throw an error about an invalid identifier.
Just guessing here, but I suspect that we want Y to be a string literal. A string literal is enclosed in single quotes, like this:
... TABLENAME.RES IN ('Y') ...
To get a single quote inside a string literal, we can use two single quotes, e.g.
'I''m happy this is working'
Since we already know Q_RES is equal to 'Y', why not just do this:
sp_stat := 'TABLENAME.RES IN (''Y'')';
^^ ^^
or, if we want to reference Q_RES, enclose it in single quotes, like this:
sp_stat := 'TABLENAME.RES IN (''' || Q_RES || ''')';
^^ ^^
Background Info:
I have a stored procedure that is populating an SSRS report. The SSRS report is ran and exported as a CSV. It is then opened as textfile and ran through a 3 party vendor application.
The output of the text book should look like this:
lid, status, i_flag,Count, pDate, iDate
62558633,"Text Value","08/16",11,"08/16","08/16"
78013526,"Text Value","",,"08/16""08/16"
My results look like this:
lid, status, i_flag,Count,pDate,iDate
19007442,"'Dir,MgmtII'",'',2,'','02/16'
17343623,'Text','',0,'11/15','02/16'
Now the code that I'm using is:
SELECT
quotename(isnull(i_flag,''''), '''') as i_flag,
isnull(lid, 0) as lid,
quotename(isnull(status,''''), '''') as status,
isnull(Count, 0) as Count,
quotename(isnull(p_Date,''''), '''') as p_Date,
quotename(isnull(i_Date,''''), '''') as i_Date
FROM
#Table
Any ideas on how I can fix this. Been stumped on this for a bit. Thanks.
If I'm understanding your question correctly (which I'm quite possibly not), I think you want:
SELECT
QUOTENAME(ISNULL(i_flag,''), '"') AS i_flag,
ISNULL(lid, 0) AS lid,
QUOTENAME(ISNULL([status],''), '"') AS [status],
ISNULL([Count], 0) AS [Count],
QUOTENAME(ISNULL(p_Date,''), '"') AS p_Date,
QUOTENAME(ISNULL(i_Date,''), '"') AS i_Date
FROM
#Table
It sounds like you have some values in fields which you wish to wrap in double quotes " for the purpose of exporting to CSV, plus in some cases the values in these fields might be NULL.
My suggestion above handles this by first using ISNULL to replace any NULL values with an empty string and then using QUOTENAME to wrap the resultant value in double quotes.
The crucial differences to your posted code are:
When using ISNULL I replace the NULL with an empty string '' instead of a string containing a single quote character '''' (two consecutive single quotes within a string represent an escaped literal single quote character)
When using QUOTENAME to wrap the values in double quotes, I specify a string containing a double quote '"' in the second parameter, instead of a string containing a single quote character ''''.
I hope that helps you - if you're still having problems, perhaps you could provide some sample rows from your #Table temp table and the output you're expecting from the query so people can help you further.
As an aside, it's not good practice to use SQL reserved keywords like status or count as column names or aliases, but if you must, I'd recommend enclosing them in brackets (i.e. [status]) for readability (especially in SSMS or any IDE with SQL syntac highlighting or colour-coding) as I have done above.
Hey I'm using oracle DB with Iron Python and I'm having trouble with strings that contains the char " ' " like in Mc'donalds. (I know it is looking for the closing ' )
The string is accepted from the user input and I want to add it to my DB as it is, meaning without omitting or changing any character.
How can I do it?
Try using the "q" (quote) function:
INSERT INTO restaurantTable (name)
VALUES (q'[O'Reilly and Conway's Irish Pub]');
You can also double-up the single apostrophes (O''Reilly and Conway''s Irish Pub). But in your case you'd have to parse them out, so either using the quote function or query parameters would work the best.
For more information: Q-quote operator introduced in Oracle 10g
Taken from PL/SQL, how to escape single quote in a string?
You can do it either using Q quoting like
q'[insert into MY_TBL (Col) values('ER0002')]';
OR you can use two quotes to denote a single quote
'insert into MY_TBL (Col) values(''ER0002'')';
I have a scenario in my vb.net project where users need to select a name from a combobox (or type a new name).
Names of course can have ' as in Tina O'Hara which in the database would be stored as Tina O''Hara.
My combobox is populated from a sql select command. I have tried to use a Replace so that the names display correctly in the dropdown.
SqlStr = "SELECT Replace(ContactName, '''', ''') AS ddlText FROM tbl_Visits Where CustID = " & hd_CustID.value & " ORDER By ContactName"
PopulateCMBX(cmbx_ContactName, SqlStr, "Please Select")
PopulateCMBX... This gets a list of names from the supplied SqlStr and populates the combobox itemlist with a 'Please Select' as the first option.
SqlStr is producing an error as there is not a matching set of ' how do I fix this. Thanks
When referencing single quotes in MS-SQL, you need to escape each single quote (') with two single quotes ('').
If the name is stored in the database with two single quotes, such as (''), then when you do the replace you need to use four single quotes (''''). In addition to these, you need to enclose the string with single quotes.
What this means is that your replace should look like this:
SqlStr = "SELECT Replace(ContactName, '''''', '''') ...
The 2nd param in the replace has 6 single quotes: 4 to represent the two single quotes you are replacing, and 2 to make it a string. The 3rd param has 4 single quotes: 2 to represent a single escaped quote and two to make it a string.
Try with this, maybe not the best solution but it works (check this example):
select Replace(Replace(ContactName, '''', '$&'),'$&$&','''') from tbl_Visits
Note that $& is like a key that should not affect the values in your field, for example, could be a word: &&k&& or %%key%%, etc.
Back to clarify, it is not the best solution, but sometimes i've used.
I have an SQL question. Everything works fine in the below SELECT statement except the portion I have highlighted in bold. What I'm trying to do is allow the user to search for a specific Rule within the database. Unfortunately, I do not actually have a Rule column, and so I need to concatenate certain field values to create a string with which to compare to the user's searchtext.
Any idea why the part in bold does not work? In theory, I would like this statement to check for whether the string "Rule " + part_num (where part_num is the value contained in the part_num field) equals the value of searchtext (the value of searchtext is obtained from my PHP script).
I did some research on concatenating strings for SQL purposes, but none seem to fit the bill. Does someone out there have any suggestions?
SELECT id,
part_num,
part_title,
rule_num,
rule_title,
sub_heading_num,
sub_heading,
contents
FROM rules
WHERE part_title LIKE "%'.$searchtext.'%"
OR rule_title LIKE "%'.$searchtext.'%"
OR sub_heading LIKE "%'.$searchtext.'%"
OR contents LIKE "%'.$searchtext.'%"
OR "rule" + part_num LIKE "%'.$searchtext.'%" --RULE PLUS PART_NUM DOESN'T WORK
ORDER BY id;
Since you didn't specify which DB your using, I'm going to assume SQL Sever.
Strings are specified in SQL Server with single quotes 'I'm a string', not double quotes.
See + (String Concatenation) on MSDN for examples.
Another possibility is that part_num is a numeric. If so, cast the number to a string (varchar) before concatenating.