I'm facing a problem right now.. what if the query itself contains code between bracket like foo and this foo is replaced with a declare-result value like #foo
when O want to print what's the container in #foo instead of 'foo' i should use '#foo' but sql reads it as '#foo' and ignores the # because it's between ' and '
In c# as usual, I do use "'"+#foo+"'" now in sql there's no ID for " so we use '
when i use '''+#foo+''' it does not read. although in c# we use something like \ between the brackets to get it done, sql does not read
What should I do in this case?
Image for the problem and query itself:
Sounds like you're wanting to escape single quotes.
To do this you need to double them up!
DECLARE #foo char(1);
SET #foo = 'A';
SELECT '''' As a_single_quote
, '''''' As a_pair_of_single_quotes
, '''' + 'TEST' + '''' As escaped_string
, '''' + #foo + '''' As with_a_variable
Related
DECLARE #listofelements NVARCHAR(4000)
SELECT #listofelements = COALESCE(#listofelements + ',', '') + '[' + OBJECT_SCHEMA_NAME(v.object_id) + '].[' + v.name +']' FROM sys.views as v
PRINT #listofelements
UPDATE [database].[dbo].[Table1] SET [Total_text] = #listofelements
The code above till the PRINT statement works fine. The print statement gives me a large text string which is what I want. This textstring looks to be generated on the fly. However, if I want to update a table in my database with this value #listofelements then it updates nothing. How come that #listofelements which is generated by the script is not able to update my Table1. It has nothing to do with the length of the string of type. It doesn't give an error, it just doesn't update. It looks like #listofelements is empty while on the other hand I can print it. Note: I ran all 5 lines at the same time.
Okay so my T-SQL statement is the following
IF #dept <> '' BEGIN
SET #query = #query + ' AND T6.Region2 IN (' + REPLACE(#dept, '^', '''') + ') '
END
This is basically for a French site and the region names have ' in the names. What I'm trying to do is pass something like the following to SQL
#dept = 'Cote-d^Armor', 'Val-d^Oise'
and replace the ^ with a '. When I do a replace it's just causing an error as if the replaced ^ is a ' and escaping the rest of the code.
Hope that makes sense.
You need some extra quotes outside the replace. Try this:
IF #dept <> '' BEGIN
SET #query = #query + ' AND T6.Region2 IN (''' + REPLACE(#dept, '^', '''') + ''') '
END
I wouldn't swap "'" for "^" to store it and then try and convert it back. It would be much simpler to store "Cote-d'Armor", then in your stored procedure whenever there is a "'" in the search string, to double it.
SQL Server can happily cope with ' and " in the data, they just need to be escaped properly.
OK, so I've got this line of code in a search stored procedure:
SET #where = 'job_code = ''' + REPLACE(#job_code, '''', '''''') + ''''
and there are basically two operations I'd like to streamline -the first being surrounding the concatenated value in single quotes. Obviously, in the above statement, I'm escaping a ' by using two '' and then ending the string with a ' so I can concatenate the actual value. There's got to be a better way!
The second of the operations would be the REPLACE(#job_code, '''', '''''') where I'm escaping any single quotes that might exist in the field.
Isn't there a much more elegant way of writing this line of code as a whole?
I thought it was the ESCAPE keyword but that's tied tightly to the LIKE statement, so no go there.
Not sure how you execute your sql query, if you use sp_executesql, could be something like this
EXECUTE sp_executesql
N'SELECT * FROM YouTable WHERE job_code = #job_code',
N'#job_code varchar(100)',
#job_code = #job_code;
The parameterized query answer is probably the real "right answer", but to answer your original question, what you want is QUOTENAME(). More specifically, the single-quote version:
SET #where = 'job_code = ' + QUOTENAME(#job_code, '''')
Do note the length limit on this (input is a sysname, meaning 128 characters), though, as it is intended to quote the names of database objects and not as a general-purpose mechanism.
You could declare constants:
declare #SQ as char(1) = ''''
SET #where = 'job_code = ' + #SQ + REPLACE(#job_code, #SQ, #SQ + #SQ) + #SQ
You could define a function that handles your typical scenarios, something like:
create function WrapAndReplaceQuotes (#input as varchar(max))
returns varchar(max)
as
begin
return '''' + replace(#input, '''', '''''') + ''''
end
SET #where = 'job_code = ' + WrapAndReplaceQuotes(#job_code)
I have a lengthy stored procedure that builds a query string. It works fine until I add in a 'LIKE' description field (text) which has a wildcard in it, see below:
IF #AdDescription IS NOT NULL
IF #AdSection IS NOT NULL
BEGIN
SET #SQL = #SQL + #Wand + 'na.Section = '' + #AdDescription + '''
SET #Wand = ' AND '
END
ELSE
BEGIN
SET #SQL = #SQL + #Wand + '(na.AdDesc LIKE ''' + #AdDescription + '%'')'
SET #Wand = ' AND '
END
I've tried a few variations but as soon as #AdDescription has anything in it it fails. Is there something obvious that I am missing?
You are missing an apostrophe in your first "SET #SQL" line. There should be 3 apostrophes before you add the #AdDescription. The color coding in your code above shows this problem. The plus signs are red instead of black.
Try using print to see the SQl you have created, then you will likely see the error. And try really hard to avoid dynamic sql, it's hard to maintain, test, and debug properly.
Instead of exec the SQl just have it do:
Print #SQL
This will print the SQL Statement.
We usually havea debug parameter on any stored proc that uses dynamic SQl abd if it is set to 1, it prints the SQL and if it is set to 0 (the default), it executes the SQL. This makes it easier to see what is being created for a set of values later when the proc fails in production becasue of some obscure condition you didn't consider.
YOu can also get the SQl executed by running profiler, but usually it's simpler to just run with the same values in debug mode.
Edit Maybe it's just the quotes? I've added some spaces so the escaping is clearer.
IF #AdDescription IS NOT NULL
IF #AdSection IS NOT NULL
BEGIN
SET #SQL = #SQL + #Wand
+ 'na.Section = ' ''' + #AdDescription + ''' '
SET #Wand = ' AND '
END
ELSE
BEGIN
SET #SQL = #SQL + #Wand
+ '(na.AdDesc LIKE ' ''' + #AdDescription + '%'' )'
END
I'm tryin to use SQL to build a comma separated list of cat_id's
the code is:
declare #output varchar(max)
set #output = null;
select #output = COALESCE(#output + ', ', '') + convert(varchar(max),cat_id)
edit: changed '' to null, STILL same.
but the output im getting is like so:
, 66 , 23
the leading comma should not be there. What have i missed?
Are you on SQL 2005? With props to Rob Farley who showed me this just recently:
SELECT stuff((
SELECT ', ' + cast(cat_id as varchar(max))
FROM categories
FOR XML PATH('')
), 1, 2, '');
The inside query (with FOR XML PATH('')) selects a comma-separated list of category IDs, with a leading ", ". The outside query uses the stuff function to remove the leading comma and space.
I don't have an SQL instance handy to test this, so it's from memory. You may have to play with the stuff parameters etc to get it to work exactly how you want.
COALESCE Returns the first nonnull expression among its arguments
First argument #output + ', ' is never null (unless you initialize #output as null AND set CONCAT_NULL_YIELDS_NULL to ON), so it's always returned.
And sometimes...
you have to answer your own question
declare #output varchar(max)
select #output = case when (#output is null) then '' else ', ' END + convert(varchar(max),cat_id)
check #output value just before the execution of this query, I think it's not equal to NULL but to '' (empty string)
EDIT: (after the #auth edited the question)
now I'm sure it's '',
you have to initialize it to NULL
to do it independently of CONCAT_NULL_YIELDS_NULL, use the old CASE WHEN:
select #output = NULL
select #output = CASE WHEN #output IS NULL THEN '' ELSE #output+', ' END + value
declare #output varchar(max)
select #output = coalesce
(
#output + ', ' + convert(varchar(max),cat_id),
convert(varchar(max),cat_id)
)
from yourTableHere
print #output
Did you initialize #output to an empty string? COALESCE will only work if it's a NULL string.
What you are doing wrong is that #output is not null from start, but an empty string. Set #output to null before the loop (or if it's not used since it's declared just don't assign an empty string to it).
Not sure if this applies exactly to what you're looking for, but I found this right at the same time I found your questions. I use the second solution with FOR XML PATH, which Matt Hamilton mentioned above. It's worked great for me.
Concatenating Rows - By Carl P. Anderson, 2009/10/14
http://www.sqlservercentral.com/articles/T-SQL/67973/
On Unix, the sqlminus command lets you merge SQL commands and other formatting:
% sqlminus "select ri || ',' ||name|| ',' || numports || ',' || ascii(OVRONSET) from sdfctigw.ivrgrp where GRP_BEP is not null;" | sort -h
1,COMO INTERNAL 2,700,90
7,LOADIVR,10,80
10,SPEECH_IVR_PROD,600,95