I want to run a Sql query with special characters in it. However, I don't want to use sql parameters. There is a way to run following query?
SqlString := 'Select * from Table1 where Name LIKE '`1234567890-=\]['';/.,<>?:"{}|+_)(*&^%$##!~%'
FSQLQuery.SQL.Clear;
FSQLQuery.SQL.Add( SqlString );
FSQLQuery.Open;
Delphi considers this query as Parameterised due to colon sign in
'`1234567890-=]['';/.,<>?:"{}|+_)(*&^%$##!~%'
and throws (No value for parameter '{}|+_)(*&^%$##!~%').
You should put something like this:
sqlString := 'SELECT * FROM Table1 WHERE Name LIKE ''`1234567890-=\]['''';/.,<>?:"{}|+_)(*&^%$##!~%'' ';
FSQLQuery.ParamCheck := False; //<<It MUST be prior than SetSql.
FSQLQuery.SQL.Clear;
FSQLQuery.SQL.Add( sqlString );
FSQLQuery.Open;
If FSQLQuery is TADOQuery then the easiest way to avoid this problem (colon char inside SQL.Tex) is to use
FSQLQuery.Connection.Execute(FSQLQuery.SQL.Text) instead of FSQLQuery.Open.
In this case you call ADO method directly without having Delphi parse your Sql.Text.
Attention to escaped chars inside SQL too, it is possible to resolve with QuotedStr function to works fine:
sqlString := 'SELECT * FROM Table1 WHERE Name LIKE ' +
QuotedStr('`1234567890-=\]['''';/.,<>?:"{}|+_)(*&^%$##!~%'' ) + ';';
Related
Hi I have a stored procedure which accepts parameter "Q_RES" from java. Its value is either "Y" or "N" . In my stored procedure I have a condition
If Q_RES = 'Y' THEN
sp_stat = 'TABLENAME.RES IN (' || Q_RES || ')';
END IF
nut I get error has ORA-00904: "Y" invalid Identifier
How can I fix this?
In PL/SQL assignment is Pascal style :=', not=`. Aside from that, I don't see any problem with the string concatenation shown here.
I suspect that sp_stat is being used later, in composing dynamic SQL. I would take a close look at the SQL being generated. It's probably goign to look like this:
... TABLENAME.RES IN (Y) ...
And if that is interpreted as SQL text, Oracle is going to see that bareword Y as an identifier, such as a column name, and attempt to resolve that. (If a table referenced in the query has a column named Y, the query wouldn't throw an error about an invalid identifier.
Just guessing here, but I suspect that we want Y to be a string literal. A string literal is enclosed in single quotes, like this:
... TABLENAME.RES IN ('Y') ...
To get a single quote inside a string literal, we can use two single quotes, e.g.
'I''m happy this is working'
Since we already know Q_RES is equal to 'Y', why not just do this:
sp_stat := 'TABLENAME.RES IN (''Y'')';
^^ ^^
or, if we want to reference Q_RES, enclose it in single quotes, like this:
sp_stat := 'TABLENAME.RES IN (''' || Q_RES || ''')';
^^ ^^
I want to insert footext into LIKE pattern dynamically, but it gives error saying
ERROR: unrecognized conversion type specifier "'"........
This is my query:
RETURN QUERY EXECUTE format ('SELECT foocolumn
FROM footable
WHERE foocolumnother LIKE ''%L%'' ', footext);
Little late to the party, but according to Erwin's answer and the document, you can also try the ~ character of regex. So test out this
RETURN QUERY EXECUTE format ('SELECT foocolumn
FROM footable
WHERE foocolumnother ~ %L ', footext);
If you want to add a % into the format string you need to double it e.g. %F%%
%Lalso correctly adds single quotes so you don't need to put them in the format string.
However: using %F%% would generate 'bla'% - which is incorrect.
You need to add the wildcard to the variable not the format string:
RETURN QUERY EXECUTE format ('SELECT foocolumn
FROM footable
HERE foocolumnother LIKE %L' ', concat(footext, '%'));
Another late entry. Doubling both the single-quotes and percents works for me in Postgres 11.x:
l_query text := FORMAT('
SELECT e.gid, e.sessionname, e.shared, e.created, e.created_by
FROM exercise e
WHERE LOWER(e.created_by) LIKE ''%%%s%%'';'
, LOWER(p_user));
RETURN QUERY EXECUTE l_query;
I have this homework assignment :
Write an anonymous PL/SQL block that accepts a string as input and removes all of the vowels (a.e.i.o.u) from the string, then outputs the results.
The output should look like this:
Run the Program
SQL>#rm_vowels
Enter the String: A penny for your thoughts
SQL>****************************
SQL>The new string is: pnny fr yr thghts
And this does look like something really easy to do but I'm really lacking some PL/SQL experience to get this done.
From my searches so far I've realized I need to use something similar to this :
REGEXP_REPLACE(name,'[a,e,i,o,u,A,E,I,O,U]','')
Right ?
You can also use the translate function, which might be marginally faster than regexp_replace:
select translate('A penny for your thoughts', 'xaeiouAEIOU', 'x') new_str from dual;
NEW_STR
------------------
pnny fr yr thghts
You may wish to put a trim around to remove any leading/trailing spaces.
Technically, the assignment calls for an anonymous pl/sql block, and prompting user for input. So you'd have something like this:
set serveroutput on
set verify off
accept vstring prompt "Please enter your string: ";
declare
vnewstring varchar2(100);
begin
vnewstring := regexp_replace('&vstring', '[aeiouAEIOU]','');
dbms_output.put_line('The new string is: ' || vnewstring);
end;
/
You can put this in a file called "my_homework_from_SO.sql" and from the same directory the file is located, login to sqlplus and run it:
#my_homework_from_SO.sql
Please enter your string: This is a test
The new string is: Ths s tst
PL/SQL procedure successfully completed.
You can use REGEXP_REPLACE() (though you certainly don't need commas in the character class - plus you don't need to replace with anything):
SELECT REGEXP_REPLACE('A penny for your thoughts','[aeiouAEIOU]')
FROM dual;
You can also use the following which might well be more efficient that using regular expressions (and which will work in Oracle 9i or lower, as well):
SELECT TRANSLATE('A penny for your thoughts', 'AEIOUaeiou', ' ')
FROM dual
Yes, this function call should do the trick:
SELECT REGEXP_REPLACE('A penny for your thoughts','[a,e,i,o,u,A,E,I,O,U]','')
FROM dual;
I'm using Delphi XE2 and AnyDAC and an MSAccess db.
The table 'timea' has 5 fields:
Rec_No AutoNumber
App text
User_ID text
PW text
Comment memo
This code throws the error below. The query works just fine in Access query designer.
sql := 'INSERT INTO [timea] (App, User_ID, PW, Comment) VALUES ("zoo", "Bill", "mi7", "Liger");';
adconnection1.ExecSQL(sql);
Project PWB.exe raised exception class EMSAccessNativeException with message '[AnyDAC][Phys][ODBC][Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 4.'.
Both SQL and Delphi are using single quotes as string boundaries. Since you want to have singe quote inside the string, you have to "escape" it using doube single quote.
For example, if you write S := 'Guns''N''Roses' the varieble S will contain string Guns'N'Roses - 12 characters, not 14.
Be careful when you are concatenating string values, since they might contain single quotes, too. The recommended way to write the query in this case is, for example:
sql := 'INSERT INTO Table (Col) VALUES (' + QuotedStr(Val) + ')';
Function QuotedStr wll take care and double all single quotes in the string. This is also essential to avoid insertion hacks.
I have a table with a structure like this...
the_geom data
geom1 data1+3000||data2+1000||data3+222
geom2 data1+500||data2+900||data3+22232
I want to create a function that returns the records by user request.
Example: for data2, retrieve geom1,1000 and geom2, 900
Till now I created this function (see below) which works quite good but I am facing a parameter substitution problem... (you can see I am not able to substitute 'data2' for $1 in... BUT yes I can use $1 later
regexp_matches(t::text, E'(data2[\+])([0-9]+)'::text)::text)[2]::integer
MY FUNCTION
create or replace function get_counts(taxa varchar(100))
returns setof record
as $$
SELECT t2.counter,t2.the_geom
FROM (
SELECT (regexp_matches(t.data::text, E'(data2[\+])([0-9]+)'::text)::text)[2]::integer as counter,the_geom
from (select the_geom,data from simple_inpn2 where data ~ $1::text) as t
) t2
$$
language sql;
SELECT get_counts('data2') will work **but we should be able to make this substitution**:
regexp_matches(t::text, E'($1... instead of E'(data2....
I think its more a syntaxis issue, as the function execution gives no error, just interprets $1 as a string and gives no result.
thanks in advance,
A E'$1' is a string literal (using the escape string syntax) containing a dollar sign followed by a one. An unquoted $1 is the first parameter to your function. So this:
regexp_matches(t, E'($1[\+])([0-9]+)'))[2]::integer
as you've found, won't interpolate the $1 with the function's first parameter.
The regex is just a string, a string with an internal structure but still just a string. If you know that $1 will be a normal word then you could say:
regexp_matches(t, E'(' || $1 || E'[\+])([0-9]+)'))[2]::integer
to paste your strings together into a suitable regex. However, it is better to be a little paranoid, sooner or later someone is going to call your function with a string like 'ha ha (' so you should be prepared for it. The easiest way that I can think of to add an arbitrary string to a regex is to escape all the non-word characters:
-- Don't forget to escape the escaped escapes! Hence all the backslashes.
str := regexp_replace($1, E'(\\W)', E'\\\\\\1', 'g');
and then paste str into the regex as above:
regexp_matches(t, E'(' || str || E'[\+])([0-9]+)'))[2]::integer
or better, build the regex outside the regexp_matches to cut down on the nested parentheses:
re := E'(' || str || E'[\+])([0-9]+)';
-- ...
select regexp_matches(t, re)[2]::integer ...
PostgreSQL doesn't have Perl's \Q...\E and the (?q) metasyntax applies until the end of the regex so I can't think of any better way to paste an arbitrary string into the middle of a regex as a non-regex literal value than to escape everything and let PostgreSQL sort it out.
Using this technique, we can do things like:
=> do $$
declare
m text[];
s text;
r text;
begin
s = E'''{ha)?';
r = regexp_replace(s, E'(\\W)', E'\\\\\\1', 'g');
r = '(ha' || r || ')';
raise notice '%', r;
select regexp_matches(E'ha''{ha)?', r) into m;
raise notice '%', m[1];
end$$;
and get the expected
NOTICE: ha'{ha)?
output. But if you leave out the regexp_replace escaping step, you'll just get an
invalid regular expression: parentheses () not balanced
error.
As an aside, I don't think you need all that casting so I removed it. The regexes and escaping are noisy enough, there's no need to throw a bunch of colons into the mix. Also, I don't know what your standard_conforming_strings is set to or which version of PostgreSQL you're using so I've gone with E'' strings everywhere. You'll also want to switch your procedure to PL/pgSQL (language plpgsql) to make the escaping easier.