Here's a very easy question for someone :)
Trying to update an SQL column with the following:
UPDATE [NameOfTable]
SET [HtmlContent] = 'a href="/sell-your-boat/"'
WHERE HtmlID = 123456
But am getting the following error message: Incorrect syntax near '/'.
I know it's because I need to escape the / character but hitting my head against the wall trying to find the answer because I am aware it's probably very simple!
Thank you
You don't need to escape slashes in a string in SQL. The only character that you need to escape is apostrophe (').
There is nothing wrong with the query that you are showing, so the only explanation is that the code that you are actually running does not look like that.
It doesn't make sense to have HTML-encoded quotation marks around a href attribute, so my guess is that the HTML code actually looks something like this:
<a href='/sell-your-boat/'>
Any apostrophes in the text would have to be encoded as double apostrophes when you put it in a string literal in the SQL code.
I don't know where the query is executed from, but a parameterised query would be preferable if possible, as then you don't have to escape the text yourself, you just assign the text to the property value.
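The difference between pasting the text into the literal, doubling its apostrophes by hand, and binding it as a parameter, shown as an added example that is not part of the original answer. It assumes Python's sqlite3 module standing in for SQL Server, with the table and column names taken from the question and the HTML value taken from the answer's guess.

```python
import sqlite3

# Constructed sample: names follow the question; SQLite stands in for
# SQL Server (an assumption) so the example runs offline.
HTML = "<a href='/sell-your-boat/'>"
ROW_ID = 123456

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE NameOfTable (HtmlID INTEGER, HtmlContent TEXT)")
    conn.execute("INSERT INTO NameOfTable VALUES (?, 'test')", (ROW_ID,))
    return conn

def stored(conn):
    row = conn.execute("SELECT HtmlContent FROM NameOfTable WHERE HtmlID = ?",
                       (ROW_ID,)).fetchone()
    return row[0]

def update_by_concatenation(conn, html):
    """Paste the text into the literal unchanged; return the error, if any."""
    sql = ("UPDATE NameOfTable SET HtmlContent = '" + html +
           "' WHERE HtmlID = 123456")
    try:
        conn.execute(sql)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)  # the first apostrophe in the text ended the literal

def update_with_doubled_apostrophes(conn, html):
    """Manual escaping: each ' inside the literal is written as ''."""
    sql = ("UPDATE NameOfTable SET HtmlContent = '" + html.replace("'", "''") +
           "' WHERE HtmlID = 123456")
    conn.execute(sql)
    return stored(conn)

def update_with_parameter(conn, html):
    """Parameterised: the text is bound as data and never parsed as SQL."""
    conn.execute("UPDATE NameOfTable SET HtmlContent = ? WHERE HtmlID = ?",
                 (html, ROW_ID))
    return stored(conn)

if __name__ == "__main__":
    print("concatenated:", update_by_concatenation(make_db(), HTML))
    print("doubled '':  ", update_with_doubled_apostrophes(make_db(), HTML))
    print("parameter:   ", update_with_parameter(make_db(), HTML))
```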
Like all the comments above, you don't need to escape the /.
I just did a quick sql test in sql server 2005 and didn't get an error message (see below)
We'll probably need more information than what you provided. Are you running this in Management studio, or is this sql being called in a .NET application, etc...
create table test (htmlid int, htmlcontent varchar(516))
insert into test select 123456 as htmlid, 'test' as htmlcontent
update test
set htmlcontent = 'a href="/sell-your-boat/"'
where htmlid = 123456
select * from test where htmlid = 123456
drop table test
my output
123456 a href="/sell-your-boat/"
Related
I am new to SQL and I am trying to link my excel workbook (2010) to an Access database table (2010) using MS Query to return some summary statistics on our Fleet. I have a parameter for the month which is located in a cell in the excel workbook.
The code I have is below and I get the error message
The SELECT statement includes a reserved word or an argument name that
is misspelled or missing, or the punctuation is incorrect.
I have used the parameter for more simple information and it works perfectly, however, this code seems to be missing something.
SELECT tbl_FLEET_HISTORY.`Type`,
Sum(tbl_FLEET_HISTORY.`Number Railcars`) AS `QTY_Wagons`
Sum(tbl_FLEET_HISTORY.`Number of Platforms: loading units`) AS `QTY_Platforms`
Sum(tbl_FLEET_HISTORY.`Days Leased in Month`) AS `Days_Leased`
Sum(tbl_FLEET_HISTORY.`Days Available`) AS `Days_Available`
Sum(tbl_FLEET_HISTORY.`Daily Rate`) AS `Daily_Rate`
FROM tbl_FLEET_HISTORY tbl_FLEET_HISTORY
WHERE (tbl_FLEET_HISTORY.`Month`=?)
and (tbl_FLEET_HISTORY.`Leased During Month`=`Yes`)
GROUP BY tbl_FLEET_HISTORY.`Type`
I have run through a lot of the answers to this topic but I have not been able to resolve the issue.
I would really appreciate any assistance. If there is any additional information needed please let me know.
In MS Access, the query would look more like:
SELECT fh.Type,
SUM(fh.[Number Railcars]) AS QTY_Wagons,
SUM(fh.[Number of Platforms: loading units]) AS QTY_Platforms,
SUM(fh.[Days Leased in Month]) AS Days_Leased,
SUM(fh.[Days Available]) AS Days_Available,
SUM(fh.[Daily Rate]) AS Daily_Rate
FROM tbl_FLEET_HISTORY as fh
WHERE fh.Month = ? AND
fh.[Leased During Month] = "Yes"
GROUP BY fh.type;
Notes:
String constants are delimited by double quotes in MS Access.
Backticks are not used at all. Column names are escaped using square braces.
You do not need to escape the aliases you are assigning.
You need commas between the expressions in the SELECT.
I am developing an application based on native Indian language. I have to search the database column (in native language) student name in native language. Can anybody help me to solve this issue?
my query builder code looks like this and shows syntax error
SELECT [ಕ್ರಮ ಸಂಖ್ಯೆ], [ವಿದ್ಯಾರ್ಥಿಯ ಹೆಸರು] AS Name, [ರಜಿಸ್ಟರ್ ಸಂಖ್ಯೆ], [ಡೈಸ್ ಸಂಖ್ಯೆ], [ವರ್ಗ], [ಕನ್ನಡ], [ಇಂಗ್ಲೀಷ], [ಹಿಂದಿ], [ಗಣಿತ], [ವಿಜ್ಞಾನ], [ಸಮಾಜ ವಿಜ್ಞಾನ], [ದೈಹಿಕ ಶಿಕ್ಷಣ], [ಒಟ್ಟು ಅಂಕಗಳು], [ಶೇಕಡಾ], [ಶ್ರೇಣಿ], [ಒಟ್ಟು ಅಂಕಗಳು ಅಕ್ಷರದಲ್ಲಿ], [ಲ,ಕ/ಕಲಾ ಶಿಕ್ಷಣ], [ಕಂಪ್ಯೂಟರ ಶಿಕ್ಷಣ], [ಫಲಿತಾಂಶ]
FROM Table11
WHERE ವಿದ್ಯಾರ್ಥಿಯ ಹೆಸರುCollate Indic_General_100_CI_AI LIKE N '%ಮ%'
I notice a couple things right off. Because the field in your where clause has a space in it... you have to put delimiters around it. Also, you don't seem to have a space between your field and the Collate keyword... that is necessary. Lastly, you can not have a space between the N and the apostrophe to specify a nvarchar string literal. So try a where clause like this:
WHERE [ವಿದ್ಯಾರ್ಥಿಯ ಹೆಸರು] Collate Indic_General_100_CI_AI LIKE N'%ಮ%'
If you are still getting an error, it could be that your field [ವಿದ್ಯಾರ್ಥಿಯ ಹೆಸರು] is not of a unicode string type. Make sure the field is defined as nvarchar, nchar,...etc.
From your comment it appears that you are querying a MS Access database. The above is for querying a SQL Server Engine. The where clause for access would look like this:
WHERE [ವಿದ್ಯಾರ್ಥಿಯ ಹೆಸರು] LIKE '*ಮ*'
I have a Body column that is full text indexed and is nvarchar(max)
One row has this in the Body column
You want slighty mad this sat the 60th runing of the 3peaks race! Peny-ghent whernside and inglbauher! Only in yorkshire!
If I run: select body from messages where CONTAINS(Body,'you') it doesn't return any data.
If I run the below adding wildcards select messageid,body from messages where CONTAINS(body,'"*you*"') it still doesn't return the data.
Can you help me understand what's going on please?
Thanks
UPDATE: It makes no difference if it's you or You, either way no results
It can be a case sensitivity issue. Try with select messageid,body from messages where CONTAINS(body,'"*You*"') and see if you are getting the result or not
A full text catalog has a set of words in a “stoplist” that it won’t search on as SQL Server considers them “unimportant for search purposes”
To get this you can run
select ssw.*
from sys.fulltext_system_stopwords ssw
where ssw.language_id = 1033;
Below are the words it won’t search on and you’ll see it contains “you” hence why it didn’t find my data.
Is it possible to use a wildcard in a SQL LIKE statement within a ColdFusion cfscript query?
An example that doesn't work:
local.q = new Query();
local.q.setDatasource(variables.dsn);
local.q.addParam(name='lastname', value='%' & arguments.lastname, cfsqltype="cf_sql_varchar");
local.qString = 'SELECT name FROM users WHERE lastname LIKE :lastname';
local.q.setSQL(local.qString);
local.result = local.q.execute().getResult();
I also tried these, which didn't work:
local.qString = 'SELECT name FROM users WHERE lastname LIKE %:lastname';
local.qString = "SELECT name FROM users WHERE lastname LIKE '%:lastname'";
UPDATE:
I am using MS SQL Server 2008.
The query works fine within SQL Server Mgmt Studio... I think it has something to do with how to format the query within cfscript tags?
Yes, it is possible. You're setting it in the param, which is correct. I'm not sure why it's not working with you.
I did the following and it worked.
var qryArgsCol = {};
qryArgsCol.datasource = variables.datasource;
qryArgsCol.SQL = "
SELECT ID
FROM Users
WHERE LastName LIKE :searchStringParam
";
var qryGetID = new query(argumentCollection=qryArgsCol);
qryGetID.addParam(name="searchStringParam", value="%" & searchString, cfsqltype="cf_sql_varchar");
qryGetIDResult = qryGetID.execute().getResult();
There's a response here from Adam Cameron, which was apparently deleted by an overzealous mod.
Rather than repeat what he says, I've just copied and pasted (with emphasis added to the key parts):
Just to clarify that the syntax you tried in your first example does work. That is the correct approach here. To clarify / explain:
The <cfquery> version of the example you have would be along the lines of:
<cfqueryparam value="%foo">
So in the function version, the param would be ? or :paramName and the value of the param would continue to be "%foo".
The % is part of the param value, not the SQL string.
So given that "doesn't work" for you, it would help if you posted the error, or whatever it is that causes you to think it's not working (what your expectation is, and what the actual results are). Then we can deal with the actual cause of your problem, which is not what you think it is, I think.
Does the query work fine as a <cfquery>?
Depending on the dbms used, that single and double quotes may be interpreted when the sql statement is run. What dbms are you using? Your statement now doesn't select for the value in the variable, but for any user whose lastname is "lastname". It should be something like:
lastname like '%#lastname#'
Just remember that you ultimately need to see what CF gives the DB server. In this instance, you can try this mockup to get close and find the same error in SSMS by messing with the quotes/value in the param declaration:
declare @param1 varchar(max) = '%Eisenlohr';
SELECT name FROM users WHERE lastname LIKE @param1
I just ran into the same problem as the original poster where it "wasn't working" and I didn't get any results from the query of queries.
The problem for me is that the wildcard search is case-sensitive.
local.q = new Query();
local.q.setDatasource(variables.dsn);
local.q.addParam(name='lastname', value='%' & LCase(arguments.lastname), cfsqltype="cf_sql_varchar");
local.qString = 'SELECT name FROM users WHERE LOWER(lastname) LIKE :lastname';
local.q.setSQL(local.qString);
local.result = local.q.execute().getResult();
So what I did was made sure the incoming argument was lower case and made sure the comparing field in the SQL was lower case as well and it worked.
Use like this.
local.q = new Query();
local.q.setDatasource(variables.dsn);
local.q.addParam(name="lastname", cfsqltype="cf_sql_varchar", value='%' & ARGUMENTS.lastname);
local.qString = 'SELECT name FROM users WHERE lastname LIKE :lastname';
local.q.setSQL(local.qString);
local.result = local.q.execute().getResult();
I would suggest using the CFQuery tag instead of attempting to run queries within CFScript. Unless you REALLY know what you are doing. I say this because the CFQuery tag has some built-in functionality that not only makes building queries easier for you but may also protect you from unforeseen attacks (the SQL injection type). For example, when using CFQuery it will automatically escape single-quotes for you so that inserting things like 'well isn't that a mess' will not blow up on you. You also have the benefit of being able to use the CFQueryParam tag to further battle against SQL injection attacks. While you may be able to use the CFQueryParam functionality within CFScript it is not as straightforward (at least not for me).
See this blog post from Ben Nadel talking about some of this.
So in CFQuery tags your query would look something like this:
<cfquery name="myQuery" datasource="#variables.dsn#">
SELECT name
FROM users
WHERE lastname LIKE <cfqueryparam cfsqltype="cf_sql_varchar" value="%#arguments.lastname#" maxlength="256" />
</cfquery>
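The point made in the answers above, that the % belongs in the bound value and not in the SQL string, as an added example that is not code from any of the posters. It assumes Python's sqlite3 module standing in for SQL Server and constructed rows in a users table, and it goes one step beyond the thread by escaping wildcard characters that arrive inside the user's own text.

```python
import sqlite3

def make_db():
    # Constructed sample rows; SQLite stands in for SQL Server (an assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, lastname TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("Ann", "Eisenlohr"), ("Bob", "Lohr"), ("Cy", "100%"), ("Di", "1000"),
    ])
    return conn

def names(conn, sql, params=()):
    return sorted(row[0] for row in conn.execute(sql, params))

def ends_with(conn, lastname):
    """Wildcard concatenated into the bound value, as the answers recommend."""
    return names(conn, "SELECT name FROM users WHERE lastname LIKE :lastname",
                 {"lastname": "%" + lastname})

def placeholder_inside_quotes(conn):
    """'%:lastname' is an ordinary string literal; nothing is bound to it."""
    return names(conn, "SELECT name FROM users WHERE lastname LIKE '%:lastname'")

def escape_like(text, esc="\\"):
    """Neutralise %, _ and the escape character in user-supplied text."""
    for ch in (esc, "%", "_"):
        text = text.replace(ch, esc + ch)
    return text

def ends_with_literal(conn, lastname):
    """Same search, but wildcards typed by the user match only themselves."""
    return names(conn,
                 "SELECT name FROM users WHERE lastname LIKE :p ESCAPE '\\'",
                 {"p": "%" + escape_like(lastname)})

if __name__ == "__main__":
    db = make_db()
    print(ends_with(db, "lohr"))           # wildcard in the value
    print(placeholder_inside_quotes(db))   # placeholder swallowed by quotes
    print(ends_with(db, "0%"))             # user's % acts as a wildcard
    print(ends_with_literal(db, "0%"))     # user's % matched literally
```

On SQL Server, `[` is also special inside a LIKE pattern and would need the same escaping.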
First, I know that this question has been asked on this forum already, but each previous question differs from my situation and the solutions don't work. My commas are all there and I'm using a very simple query. Moving right along:
I'm using a linked table in Access, which links to a SQL Server database. Everything works except this query. If I run the text directly in SQL Server, it runs fine. Therefore, the syntax of the query must be fine.
Here's what I'm running:
CurrentDb.Execute "Update dbo_TS_Activity Set [Remarks] = ''Updated Remarks'' Where [id] = 1124 AND [Emp_Name] = ''CONFUSED'' AND [Approved] = 0"
I get Run-time error '3075'
Syntax error (missing operator) in query expression ''Updated Remarks''
What I've tried:
Single quotes
Double quotes
Double single (two apostrophes) quotes
No quotes
Opening the linked table and manually editing it (it works)
Crying (just kidding)
This should work fine, AFAICT, from what you've posted along with your comment above.
CurrentDb.Execute "Update dbo_TS_Activity Set [Remarks] = 'Updated Remarks' Where [id] = 1124 AND [Emp_Name] = 'CONFUSED' AND [Approved] = 0"
2 Things finally fixed it... I ran the update in the query designer and it gave me this weird syntax of parentheses around the WHERE statement so it looked like:
Where (((dbo_vw_TS_Activity.[id]) = 1124))
Finally, it wanted double-double-quotes for variables, like:
SET [Remarks] = ""The updated remarks...""
Suddenly, it's happy. Consequently, I am too.