Braces inside the array - postgresql - sql

I have a table "temp" with two attributes: integer, text[].
I would like to insert a record with the brace inside the array.
For example a record like this:
1, {'1{c}1','a'}
where 1 is the integer and '1{c}1' is the first element of the array and 'a' the second element of the array.
I tried a simply insert like this:
INSERT INTO temp VALUES (id, '{'1{c}1','a'}');
but it says that is malformed.

As an addition, it's also possible to use array constructors, I think it's more safe to use, because array elements are just SQL constants and you also could use expressions inside the array constructors:
insert into "temp" values(1, array['1{c}1','a']);
it's clear that this is array of strings, and this too
insert into "temp" values(1, array['1','2']);

According to the PostgreSQL documentation for arrays,
You can put double quotes around any element value, and must do so if it contains commas or curly braces.
A correct syntax would like this:
INSERT INTO "temp" VALUES (1, '{"1{c}1",a}');
You can see a complete, working example on SQL fiddle.

You don't want those inner single quotes.
INSERT INTO temp VALUES (id, '{1{c}1,a}');

Related

How to store a string which has multiple quotes in a database

I want to store a ciphertext in an Oracle database, but I am getting an error:
identifier is too long.
Its probably because there are multiple quotes in the string. So, how do I store such a string?
For example, my ciphertext may look like:
b't\xb2\xb2\xd6\xab\xab[\x8d\xcc\xab\x1dK\xf7\xa4\xf5\x9a\xe5\xc7\xd2\x874\xbf\xb3\xd5\xf0\xc7\xcbL\xb1\x88\xd2\xae\xeeR\xe6\xd9f\xfc\x89\xfb\xc7\xeb\x0e\xca\xbe\x88\x1e\xa8\xcb\x12\x7f\xeaL\xe5o\x01\x0c\x9f\xd1\xfc\xc2Xe\xd9H6\xa4\x02\xde\xa8\xbb\x04\xf6\xa2\x81\xe8\xa4T\x17\xe5\x94\x1a\xd1\xf3\xca\xe8\xc4v\xb2\x94\xe0,\xb8v\x9c\x13m>W6\x1cL\x87\xde\xce-h\xcd"\xa66\xac&\x9b\xc4C\x9eK\x1fL\xff\nW\x06\x06\xc1\xe3\x7f\x1c{\xff\x93\xdb\t\xdb\x13&\x81\x0c\x06\xf1\x81\x99f\n\x7f\x99\x1e\xbd\xd4\x17\xe9\x05\xb7\x97\xf6\x1f\xd5\xb3\xffK/#6A\t\xa2\xba+\xfaxO\xb9\xa7\x86\xac\x10V\xc6\xe0\x96OfF\x9f\xaaM\xe3\xc9\xf6UNO\x15\x8e\r\x00\x07J)lZ\[]N\x181\xa3\xd4\'\x8a\x91\x81\x0c\xe4:\x88\xf8\xbe\xcc\xcc\xa18\xe2.o\xe5\xb4\xd9\xd3Fk\xf9\xff\x9a\xc8\x04\xaa\x9a\xff\xc2q&\xa7\xd2O\x8eh\xd7\xa9\x02\xc5V'
As you can see there is a single and a double quote in this.
So, how do I store such a string?
A simple option is to use the q-quoting mechanism, where you choose something (like a square bracket, curly bracket, ...) that doesn't exist in your string to enclose those values that have multiple single quotes. Otherwise you would have to escape them using double single quotes, but things get tricky once there are consecutive single quotes. It's just too complicated.
So, an example:
SQL> create table test (col varchar2(50));
Table created.
SQL> insert into test values (q'[that's a string and I'm "Little'foot"]');
1 row created.
SQL> select * From test;
COL
--------------------------------------------------
that's a string and I'm "Little'foot"
SQL>
how do I store such a string?
You appear to have binary data and not a "string"; so store it in a data type for binary data such as BLOB:
CREATE TABLE your_table (
ciphertext BLOB
);
Then when you insert it use a parameterised query and bind variables from whatever interface you are using to access the database (from the look of your data, I would guess it is a bytes data type in Python):
For a positional bind variable, you can use the syntax:
INSERT INTO your_table ( ciphertext ) VALUES ( ? );
For a named bind variable, you can use the syntax:
INSERT INTO your_table ( ciphertext ) VALUES ( :your_value );
Then, when you construct your prepared statement to insert the value, you can pass your data in as the bind variable and you do not need to worry about any quotes.

Insert into script

I tried to add a row to my table named Clienti, I opened query tool and wrote this query, anyway it isn't working, can you tell me the reason? It says the array isn't correctly defined.
INSERT INTO "Clienti"(
"Nome", "Cognome")
VALUES ('example', 'example2');
The problem is that your fields are defined as arrays of strings, not strings. That's why PostgreSQL is complaining about your INSERT statement: You're trying to put a single string into a field that's defined as an array of strings.
"Nome" character(20)[]
means Nome is an array of strings of 20 characters.
You probably want
"Nome" varchar(20)
(for a string of up to 20 characters)
or
"Nome" text
(for no length limit).
See the PostgreSQL documentation for more information about character types.
Try this insert query it will work.
INSERT INTO Clienti(Nome, Cognome)
VALUES ('example', 'example2');

Insert Comma Separated Values to SQL

I would like to take a list that I have in a text file, of values which are separated by commas:
Example - 1,2,3,4,5,6,7,8,9,0
then put the values in a database table(I'm going to use this table for auto-complete with jQuery).
I would have done an array for the auto-complete but I have something like 1000 values so I think its better to pull from SQL(am i right?)
Try to explain it to me slowly cause I'm a novice and this is so confusing :)
If those are 1000 constant values (like countries), put them in array.
If they are fairly dynamic, put them in a table
Assuming the table is called T1 and has one field F1, you need to transform the string
1,2,3,4,5,6,7,8....N
to
INSERT INTO T1
VALUES (1),(2),(3),(4),(5),(6),(7),(8)......(N);

Multiple values in where with prepared SQL-Statements?

Is there a way to select multiple values with prepared statements in (My-)SQL?
I'm trying to select a couple of rows from a table with the IN-keyword, something like:
SELECT *
FROM table
where id IN (1, 2, 3)
The "1, 2, 3" should be passed as a parameter of the statement.
Is this possible with PHP/PDO or do I have to concaterate the values and insert it directly in the statement (I've got a bad feeling about this because of injections).
If you have an array of "something" that comes from the user, you can build a list of placeholders with array_fill, generate a string like "?, ?, ?, ..." by calling implode on the array. Alternatively you can make sure everything in the array is an integer (using intval, for example) and use it directly to build the query.
I would pass in an array of integers, and then do String.Join to bring them together within your prepared statement. You can't inject anything into an integer!
Try passing you in-list as aconcatenated string and do this (not very performant but it should work: I think I saw an answer from Joel Spolsky somewhere using this technique):
SELECT * FROM table where concat('|',id,'|') like '%|1|2|3|%'

How to INSERT to a column whose name is a sql keyword

I need a table that stores key-value pairs, so I created one with a column called "Key" and a column called "Value".
This fails:
insert into mykeyvalues (Key,Value) values ('FooKey', 'FooValue')
"Incorrect syntax near the keyword 'key'."
Maybe I shouldn't call it "Key", but I just wonder if it is possible to work with a column whose name is a sql keyword?
Thanks
You can surround column names like that with [ ] brackets. Therefore:
insert into mykeyvalues ([Key],[Value]) values ('FooKey', 'FooValue')
Use either backticks (`) or double quotes (") around the identifiers in your query. For example:
INSERT INTO mykeyvalues ("Key", "Value") values ('FooKey', 'FooValue')
But in the long-run, this just reduces portability. It's easier to use a different name.