Inserting T-SQL query text into SQL Server table - sql

Can anyone help me to get this work.
[HOD_DESC] LIKE '%r%' is a formatted T-SQL query and I want insert into a table.
EXEC sp_s_saveReportSearch 'x= r ', '[HOD_DESC] LIKE '%r%''

Just escape the quotes by doubling them:
EXEC sp_s_saveReportSearch 'x= r ','[HOD_DESC] LIKE ''%r%'''
I really hope there's a good reason why you're doing this, however.

Double the quotes around quoted part of your SQL string:
EXEC sp_s_saveReportSearch 'x= r ','[HOD_DESC] LIKE ''%r%'''
In the column, inserted value will be [HOD_DESC] LIKE '%r%'

Related

insert Single Quotation Marks in sql

I want to insert " exec e_Report.dbo.FTX_FA_Aging_Report_sp 'FACloedAgingReport' " in AlertSQL columns in my existing table.
How will be my update script?
My script for update is as below:
update dbo.F_ALERT
set AlertSQL= 'exec e_Report.dbo.FTX_FA_Aging_Report_sp '''FACloedAgingReport''
where AlertID=9330
Some how its not giving me expected result.
Thanks in Advance !!
Check your quote positioning. You need a pair of single quotes at either end of the quoted string, as well as the quotes for the whole query.
'exec ee_Report.dbo.FTX_FA_Aging_Report_sp ''FACloedAgingReportSee'''
Currently you have three before and two after, it should be the other way around as per Gordon's answer.
See https://support.microsoft.com/en-us/kb/178070
You need more quotes and things:
update dbo.F_ALERT
set AlertSQL= 'exec e_Report.dbo.FTX_FA_Aging_Report_sp ''FACloedAgingReport'''
where AlertID = 9330 ;
It is a bit confusing, but '''' is a string with a single quote. Two single quotes together are a single single quote. Hence:
'exec e_Report.dbo.FTX_FA_Aging_Report_sp ''FACloedAgingReport'''
^ starts a string
------------------------------------------^ two quotes are single quote in the string
--------------------------------------------------------------^ two quotes are single quote in the string and then one more to end the string itself

How to escape single quotes in Sybase

I come from MySQL and the below query doesn't work in Sybase. How should I escape single quotes?
UPDATE Animals SET NAME = 'Dog\'s friends' WHERE uid = 12
If working with Sybase, having got used to MySQL which more database users have experience you may soon discover you are unable to escape single quotes with backslash in.
So how do you escape quotes in Sybase? In fact, in Sybase SQL the single quote acts as the escape character.
See below for an example UPDATE statement in both “languages”:
MySQL
UPDATE Animals SET NAME = 'Dog\'s friends' WHERE uid = 12
Sybase
UPDATE Animals SET NAME = 'Dog''s friends' WHERE uid = 12
I’m not entirely sure this makes sense to me (especially as it looks like a double quote) but there you go!
You can create a custom function to escape quotes :
CREATE FUNCTION "ESCAPE_QUOTES"(in a_string long varchar)
returns long varchar
begin
return replace(a_string, '''', '''''');
end

How do I remove single quotes from a table in postgresql?

I searched around quite a bit, it would be great if someone could link me to a solution or answer my query.
The thing is I have a postgresql table that contains a lot of single quotes and I cant figure out how to get rid of them, because obviously this
update tablename set fieldname= NULL where fieldname=' ;
wont work.
Better use replace() for this:
UPDATE tbl SET col = replace(col, '''', '');
Much faster than regexp_replace() and it replaces "globally" - all occurrences of the search string. The previously accepted answer by #beny23 was wrong in this respect. It replaced first occurrences only, would have to be:
UPDATE tbl SET col = regexp_replace(col, '''', '', 'g');
Note the additional parameter 'g' for "globally". Read about string functions in the manual.
Aside: the canonical (and SQL standard) way to escape single quotes (') in string literals is to double them (''). Using Posix style escape sequences works, too, of course. Details:
Insert text with single quotes in PostgreSQL
update tablename set fieldname= NULL where fieldname='''' ;
or
update tablename set fieldname= NULL where fieldname=E'\'' ;
insert into table1(data) values ($$it's a string, it's got some single quotes$$)
Use $$ before and after the string. It will insert data.

select * from table_name where column like '&nbsp'

I need to find records containing html code such as '&nbsp' But when I try to run the select * from table_name where column like '&nbsp%'
I got prompt asking for the value of nbsp. I guess the database thinks that nbsp is a parameter. I am wondering if the is an escape character so that I can tell the database that "&" is part of my query string. I tryed '\&nbsp' but didn't work.
My environment is Oracle 9i with sqlplus client.
Thanks.
Have a look at this:
SQL Plus FAQ
e.g.
SET ESCAPE '\'
SELECT '\&abc' FROM dual;
Easier way:
SET DEFINE OFF
See:
SET DEFINE
The backslash should work, but I think you need to start your query with
SET ESCAPE ON
In PL/SQL, you would use:
BEGIN select <Column> from <Table_name> into <Variable> where <Column> LIKE '\&nbsp\%' ESCAPE '\'; END
/
Resources:
Wilcards in SQL on PSOUG.org
LIKE Condition in Oracle® Database SQL Language Reference 11g Release 2 (11.2)

SQL Server - Replacing Single Quotes and Using IN

I am passing a comma-delimited list of values into a stored procedure. I need to execute a query to see if the ID of an entity is in the comma-delimited list. Unfortunately, I think I do not understand something.
When I execute the following stored procedure:
exec dbo.myStoredProcedure #myFilter=N'1, 2, 3, 4'
I receive the following error:
"Conversion failed when converting the varchar value '1, 2, 3, 4' to data type int."
My stored procedure is fairly basic. It looks like this:
CREATE PROCEDURE [dbo].[myStoredProcedure]
#myFilter nvarchar(512) = NULL
AS
SET NOCOUNT ON
BEGIN
-- Remove the quote marks so the filter will work with the "IN" statement
SELECT #myFilter = REPLACE(#myFilter, '''', '')
-- Execute the query
SELECT
t.ID,
t.Name
FROM
MyTable t
WHERE
t.ID IN (#myFilter)
ORDER BY
t.Name
END
How do I use a parameter in a SQL statement as described above? Thank you!
You could make function that takes your parameter, slipts it and returns table with all the numbers in it.
If your are working with lists or arrays in SQL Server, I recommend that you read Erland Sommarskogs wonderful stuff:
Arrays and Lists in SQL Server 2005
You need to split the string and dump it into a temp table. Then you join against the temp table.
There are many examples of this, here is one at random.
http://blogs.microsoft.co.il/blogs/itai/archive/2009/02/01/t-sql-split-function.aspx
Absent a split function, something like this:
CREATE PROCEDURE [dbo].[myStoredProcedure]
#myFilter varchar(512) = NULL -- don't use NVARCHAR for a list of INTs
AS
SET NOCOUNT ON
BEGIN
SELECT
t.ID,
t.Name
FROM
MyTable t
WHERE
CHARINDEX(','+CONVERT(VARCHAR,t.ID)+',',#myFilter) > 0
ORDER BY
t.Name
END
Performance will be poor. A table scan every time. Better to use a split function. See: http://www.sommarskog.se/arrays-in-sql.html
I would create a function that takes your comma delimited string and splits it and returns a single column table variable with each value in its own row. Select that column from the returned table in your IN statement.
I found a cute way of doing this - but it smells a bit.
declare #delimitedlist varchar(8000)
set #delimitedlist = '|1|2|33|11|3134|'
select * from mytable where #delimitedlist like '%|' + cast(id as varchar) + '|%'
So... this will return all records with an id equal to 1, 2, 33, 11, or 3134.
EDIT:
I would also add that this is not vulnerable to SQL injection (whereas dynamic SQL relies on your whitelisting/blacklisting techniques to ensure it isn't vulnerable). It might have a performance hit on large sets of data, but it works and it's secure.
I have a couple of blog posts on this as well, with a lot of interesting followup comments and dialog:
More on splitting lists
Processing list of integers