According to this link, I should be able to use curly braces to escape an entire variable string. My understanding is that Oracle (10g or later -- I've been told we use 11g) should treat this (sanitized) SQL query:
SELECT * FROM customer WHERE name = 'Sam'
the same as it treats this one:
SELECT * FROM customer WHERE name = '{Sam}'
I tried it as a sanity check before trying strings that would actually need escaping, and it didn't work. The top query returns data, but the bottom doesn't. Am I doing something wrong?
SELECT * FROM customer WHERE name = q'{Sam}'
I am trying to automate a problem at work and have an SQL question. I am getting a list from one of our vendors that strips all of the apostrophes out of the info.
So when I search for "oneil" and my database has "o'neil"
select * from db where name = "oneil"
I know how to fix that by hand, but how would I make it work when I don't know where the apostrophe is at?
I hope I explained that right.
You could first strip the apostrophes from the name before doing the comparison:
SELECT *
FROM db
WHERE REPLACE(name, '''', '') = 'oneil';
Note that in most versions of SQL, a literal apostrophe is represented inside a string literal using two apostrophes doubled-up ''.
For SQL Server, use a temp table with apostrophes replaced:
select *,
derived_name = REPLACE(t.name,'''','')
into #temp
from table t
Then you can do: select * from #temp where derived_name='oneil'
Note that the apostrophe is also the escape character in sql server.
I have a script in ASP Classic that uses a Firebird database. I would like to execute a query without "quotation marks"
Now I must write this:
SQL = "SELECT ""TArticoli"".""IDArticolo"",""TArticoli"".""Desc"" FROM ""TArticoli"";"
I would write this:
SQL = "SELECT TArticles.IDArticle, TArticles.Desc FROM TArticles;"
The first one is accepted the second not, how can I do this?
You can't. DESC is a reserved word in Firebird, so to be able to use it as a column name (or any other object name for that matter), you will need to enclose it in quotes.
A second problem is that you are currently using
SELECT "TArticoli"."IDArticolo","TArticoli"."Desc" FROM "TArticoli"
And this means both your table name and the column names are case sensitive, and in that case, quoting those object names is mandatory. Unquoted object names are case insensitive, but are mapped to object names in upper case. This means that select * from TArticoli will select from a table called TARTICOLI, while select * from "TArticoli", selects from a table called TArticoli.
So unless you are going to rename or recreate all your tables or columns, you will not be able to get rid of quotes. The only thing you can do to reduce the number of quotes, is by not prefixing the columns with the table names (in the query shown it isn't necessary), or otherwise use a case insensitive alias for the table, e.g.:
SELECT "IDArticolo", "Desc" FROM "TArticoli"
or
SELECT a."IDArticolo", a."Desc" FROM "TArticoli" AS a
I have a table called project-users and want to write a SQL query like SELECT * FROM project-users. I get this error: ERROR: syntax error at or near "-".
I cannot change the table name at this point.
According to http://www.postgresql.org/docs/9.0/static/sql-syntax-lexical.html, you should use double quotes.
In your case, for PostgreSQL the query should be:
SELECT * FROM "project-users";
It is good practice to avoid the use of characters that need escaping or that contain spaces in identifiers.
I have this query:
select * from table where column like '%firstword[something]secondword[something]thirdword%'
What do I replace [something] with to match an unknown number of spaces?
Edited to add: % will not work as it matches any character, not just spaces.
Perhaps somewhat optimistically assuming "unknown number" includes zero.
select *
from table where
REPLACE(column_name,' ','') like '%firstwordsecondwordthirdword%'
The following may help: http://blogs.msdn.com/b/sqlclr/archive/2005/06/29/regex.aspx as it describes using regular expressions in SQL queries in SQL Server 2005.
I would definitely suggest cleaning the input data instead, but this example may work when you call it as a function from the SELECT statement. Note that this will potentially be very expensive.
http://www.bigresource.com/MS_SQL-Replacing-multiple-spaces-with-a-single-space-9llmmF81.html
What are the various ways to ESCAPE single quotes(') in the SQL LIKE command?
One way is to put two single quotes whenever you have to escape a single quote.
Can you people suggest something?
Databases: SQL Server 2005 and Oracle 10g
You already have the answer. You have to use two single quotes:
select * from table where field like '%''something''%'
Two single quotes is the best solution.
Alternatively, you can use a CHAR(39) to represent a single quote character.
UPDATE Employee SET LastName = 'O' + CHAR(39) + 'Brien'
WHERE ID=1;
The best way is to bind the parameter with ADO or ADO.NET.
Like (example in C# with ADO.NET):
// The value travels as a bound parameter, so the apostrophe needs no escaping.
SqlCommand x = new SqlCommand(@"select * from table where col like '%'+@para1+'%'", sqlConnection);
x.Parameters.Add(new SqlParameter("@para1", SqlDbType.VarChar, 100)).Value = "this is a' test";
In SQL Server 2005 you escape a single quote (') with a double single quote ('') if you do not want to bind:
select * from table where col like '%this is a'' test%'
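Added example (not part of the original answers): the doubled-quote literal and the bound parameter compared side by side, plus the REPLACE comparison from the earlier apostrophe-stripping answer with its search term bound. It uses Python's sqlite3 as a stand-in for SQL Server/Oracle; the table, rows and function names are constructed for illustration, and like_bound_exact goes one step beyond the answers by showing that binding does not neutralise LIKE wildcards.

```python
import sqlite3

# Constructed sample rows; sqlite3 stands in for SQL Server / Oracle.
ROWS = [("Allen O'Dea",), ("Allen ODea",), ("100% O'Neil",), ("100x O'Neil",)]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    conn.executemany("INSERT INTO people VALUES (?)", ROWS)
    return conn

def like_literal(conn, term):
    """Non-bound form: every single quote in the literal must be doubled."""
    sql = ("SELECT name FROM people WHERE name LIKE '%"
           + term.replace("'", "''") + "%' ORDER BY rowid")
    return [r[0] for r in conn.execute(sql)]

def like_bound(conn, term):
    """Bound form: the value never becomes SQL text, so no quote escaping.
    '||' is SQLite/Oracle concatenation; SQL Server uses '+' as in the answer."""
    sql = "SELECT name FROM people WHERE name LIKE '%' || ? || '%' ORDER BY rowid"
    return [r[0] for r in conn.execute(sql, (term,))]

def like_bound_exact(conn, term):
    """Binding handles quotes but not LIKE wildcards: escape %, _ and the
    escape character itself, then declare it with ESCAPE."""
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT name FROM people "
           "WHERE name LIKE '%' || ? || '%' ESCAPE '\\' ORDER BY rowid")
    return [r[0] for r in conn.execute(sql, (esc,))]

def match_without_apostrophes(conn, term):
    """REPLACE comparison from the earlier answer, with the term bound."""
    sql = ("SELECT name FROM people "
           "WHERE REPLACE(name, '''', '') = ? ORDER BY rowid")
    return [r[0] for r in conn.execute(sql, (term,))]

if __name__ == "__main__":
    db = make_db()
    print(like_literal(db, "O'Dea"))       # doubled quote in the literal
    print(like_bound(db, "O'Dea"))         # same rows, no escaping needed
    print(like_bound(db, "100%"))          # '%' still acts as a wildcard
    print(like_bound_exact(db, "100%"))    # '%' matched literally
    print(match_without_apostrophes(db, "Allen ODea"))
```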
If you want to search the value Allen O'Dea following is the query.
SELECT * FROM [TABLE] WHERE [COLUMN] LIKE '%Allen O''Dea%'
This query works perfectly.
There is also the "Q-quote" method:
select * from mytable where text like q'#%Here's some text%#';
This is available since Oracle 10.2.
I used a '#' character as the quote delimiter, but you can use pretty much any character that won't appear in the string (there are a few exceptions, such as the space character).
In a simple example like that above I probably wouldn't do this. I'd just double up the single quotes, but it does come in handy when building large dynamic SQL statements that include lots of string literals.