REGEXP_LIKE help with literal single-quote

Similar Messages

• SQL Injection, replace single quote with two single quotes?

  Is replacing a single quote with two single quotes adequate
  for eliminating
  SQL injection attacks? This article (
  http://www.devguru.com/features/kb/kb100206.asp
  ) offers that advice, and it
  enabled me to allow users to search name fields in the
  database that contain
  single quotes.
  I was advised to use "Paramaterized SQL" in an earlier post,
  but I can't
  understand the concept behind that method, and whether it
  applies to
  queries, writes, or both.

  Then you can use both stored procedures and prepared
  statements.
  Both provide better protection than simply replacing
  apostrophes.
  Prepared statements are simple:
  Set myCommand = Server.CreateObject("ADODB.Command")
  ...snip...
  myCommand.CommandText = "INSERT INTO Users([Name], [Email])
  VALUES (?, ?)"
  ...snip...
  myCommand.Parameters.Append
  myCommand.CreateParameter("@Name",200,1,50,Name)
  myCommand.Parameters.Append
  myCommand.CreateParameter("@Email",200,1,50,Email)
  myCommand.Execute ,,128 'the ,,128 sets execution flags that
  tell ADO not to
  look for rows to be returned. This saves the expense of
  creating a
  recordset object you don't need.
  Stored procedures are executed in a similar manner. DW can
  help you with a
  stored procedure through the "Command (Stored Procedure)"
  server behavior.
  You can see a full example of a prepared statement by looking
  at DW's
  recordset code after you've created a recordset using version
  8.02.
  "Mike Z" <[email protected]> wrote in message
  news:eo5idq$3qr$[email protected]..
  >I should have repeated this, I am using VBScript in ASP,
  with an Access DB.
  >

• How to replace double quotes with a single quote in a string ?

  Hi All:
  Can some one tell me how to replace double Quote (") in a string with a single quote (') ? I tried to use REPLACE function, but I couldn;t get it worked.
  My example is SELECT REPLACE('STN. "A"', '"', ''') FROM Dual --This one throws an error
  Thanks,
  Dima.

  Whether it is maybe not the more comfortable way, I like the quoting capabitlity from 10g :
  SQL> SELECT REPLACE('STN. "A"', '"', q'(')') FROM Dual;
  REPLACE(
  STN. 'A'{code}
  Nicoals.                                                                                                                                                                                                                                                                                                                                                                                                                                       

• How to pass presentation variable with enclosing single quotes

  HI All,
  As all of you know in 11g, Presentation variable can hold more than one value.So we can pass multiple values to the report through presentation variable.
  If we select x,y,z values from prompt drop down,then those values will be stored like x,y,z in the presentation variable.
  but I would like to store these values with enclosing single quotes like 'x,y,z'
  The reason is I need to pass this variable value as input to BI Publisher sql dataset query where clause.
  Please share your Ideas.
  Thanks,
  Aravind

  Aravind,
  Check this
  Predefined Presentation Variables in OBIEE 11G | Praveen&amp;#039;s Blog

• String with embedded single quote

  Hi, all. We're trying to pass a string from one procedure to another, which will then do an EXECUTE IMMEDIATE on it. However, there are single quotes withing the string, and they're driving us nuts! This is what the concatenated string should look like when passed to the pw_execDDL procedure:
  insert into appimmunization.wsrprfs (inoc_id, proof, is_valid,proof_num) values ('MEAG', to_date('02-OCT-05','DD-MMM-YY'), 'Y',1);
  Here's the concatenation process that doesn't work, and there are functions being called within the string:
  chr_sql := 'insert into appimmunization.wsrprfs (inoc_id, proof, is_valid,proof_num) values (' || '''' || prm_inoc_id || '''' || ', ' || 'to_date(' || '''' || prm_proof1 || ''''||','||'''' ||'DD-MMM-YY'||''''||')' || ', ' || '''' || fw_is_proof_valid(prm_birth_date, prm_proof1) || '''' || ',1);';
  pw_execDDL(chr_sql); /* call the procedure to do the EXECUTE IMMEDIATE */
  Help! We've tried every combination -- using two single quotes together, three, and four, and still no luck. Thanks.

  insert into appimmunization.wsrprfs (inoc_id, proof,
  is_valid,proof_num) values ('MEAG',
  to_date('02-OCT-05','DD-MMM-YY'), 'Y',1);
  This statement can be made in a string with the following affectation:
  chr_sql := 'insert into appimmunization.wsrprfs (inoc_id, proof, is_valid,proof_num) values (''MEAG'', to_date(''02-OCT-05'',''DD-MMM-YY''), ''Y'',1)';
  Note please that each single quote in your original string must be specified using two single quotes and that is all. It is more readable and more easy to do it this way.
  Michel.

• Query with Apostrophe (single quote)

  Hi all,
  I have noticed that when you enter a search string with an apostrophe (eg. Tito's Station) in a textbox on a form linked to a table and hit the Query button, it generates an sql error. I think this is cos u cannot have an apostrophe (single quote) in the search string in a "where" clause.
  I am using Portal version 3.0.6.6.5 on an 8.1.7 database.
  I have logged a tar (1744105.999) for this but it is said to be a bug (1759202). I wish to enquire whether any of you have had this problem with a later version or at which version leve this bug has been fixed.
  Does any1 know how to limit the text typed into a texbox, so that it wont accept certain characters (eg. the apostrophe key) ??
  Thanks

  Hi Rene'
  Thanks for your help! This will definitely help me alot! I am a little baffled with your code for delimiting the single quote. I tried it and it doesnt work.
  Thanks very much for the response
  Naseem
  <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by Rene' Castle ([email protected]):
  This is still an issue in 3.0.8.9.8. You can use a Javascript validation routine to disallow special characters.
  If you want to check to see that they only enter certain things you can do:
  var s = theElement.value;
  var filter=/^[a-zA-Z]{1,}$/;
  if (s.length == 0 ) return true;
  if (filter.test(s))
  return true;
  else
  alert(" Please input a valid character" );
  theElement.focus();
  theElement.select();
  return false;
  The above code would only allow one or more alphabetic characters. You could make it [a-zA-Z0-9] to allow alphanumeric characters. You could also allow anything but specific characters by doing the following:
  var s = theElement.value;
  var filter=/[^']*/;
  if (s.length == 0 ) return true;
  if (filter.test(s))
  alert(" Please input a string without a single quote (') in it" );
  theElement.focus();
  theElement.select();
  return false;
  else
  return true;
  Hope this gets you started.
  Rene'<HR></BLOCKQUOTE>
  null

• Update with a Single Quote value

  how do i update a field containing a sigle quote in a record ?
  e.g :
  i have a table s_order_item_xa
  filed: attr_name
  old value: Noofndk
  new value: Noofn's
  how can i update above field value? i am using row_id in where condition to identify rows which i want to update.

  Hi,
  Is the question "How can I include a single-quote character in a string literal?", then the answer is to use 2 of them, like this:
  UPDATE  books
  SET     dewey_num = '291''.4'
  WHERE   dewey_num = '291.4'
  ;In Oracle 10 (and up) you can also use Q-notation. For example:
  UPDATE  books
  SET     dewey_num = Q'[291'.4]'
  WHERE   dewey_num = '291.4'
  ;Edited by: Frank Kulash on Sep 14, 2009 9:51 AM

• Issue searching a content with a single quote in title using matches

  Hi,
  I'm trying to search a content which has a single quote in its title by using the following code:
  ISCSSearchAPI searchAPI = app.getUCPMAPI ().getActiveAPI ().getSearchAPI ();
  ISCSSearchQuery query = (ISCSSearchQuery)app.getUCPMAPI ().createObject (ISCSSearchQuery.class);
  query.setQueryText(queryText);
  ISCSSearchResponse response = searchAPI.search(scsContext, query);
  when the query text is: dDocTitle <matches> `What's New`
  an exception occurs:
  Unable to retrieve search results. Error occurred while retrying the search query. Error occurred while processing. Unable to return results.
  Exception in thread "main" com.stellent.cis.client.command.CommandException: Unable to retrieve search results. Error occurred while retrying the search query. Error occurred while processing. Unable to return results.
       at com.stellent.cis.server.api.scs.impl.SCSCommand.executeRequest(SCSCommand.java:338)
       at com.stellent.cis.server.api.scs.impl.SCSCommand.execute(SCSCommand.java:222)
       at com.stellent.cis.client.command.impl.services.CommandExecutorService.executeCommand(CommandExecutorService.java:57)
       at com.stellent.cis.client.command.impl.CommandFacade.executeCommand(CommandFacade.java:158)
       at com.stellent.cis.client.command.impl.BaseCommandAPI.invokeCommand(BaseCommandAPI.java:84)
       at com.stellent.cis.client.api.scs.search.impl.SCSSearchAPI.search(SCSSearchAPI.java:52)
       at com.guycarp.cm.service.ContentQueryService.search(ContentQueryService.java:133)
       at com.guycarp.cm.service.ContentQueryService.main(ContentQueryService.java:168)
  Caused by: com.stellent.cis.server.api.scs.request.SCSRequestException: Unable to retrieve search results. Error occurred while retrying the search query. Error occurred while processing. Unable to return results.
       at com.stellent.cis.server.api.scs.request.impl.SCSRequestProcessor.checkBinderForErrors(SCSRequestProcessor.java:357)
       at com.stellent.cis.server.api.scs.request.impl.SCSRequestProcessor.validateResponse(SCSRequestProcessor.java:273)
       at com.stellent.cis.server.api.scs.request.impl.SCSRequestProcessor.processRequest(SCSRequestProcessor.java:118)
       at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:61)
       at com.stellent.cis.server.api.scs.request.stream.SCSOptimizedPublishFilter.handleRequest(SCSOptimizedPublishFilter.java:128)
       at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:58)
       at com.stellent.cis.server.api.scs.request.stream.SCSOptimizedRetrieveFilter.handleRequest(SCSOptimizedRetrieveFilter.java:250)
       at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:58)
       at com.stellent.cis.server.api.scs.request.rewrite.SCSRewriteURLFilter.handleRequest(SCSRewriteURLFilter.java:140)
       at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:58)
       at com.stellent.cis.server.api.scs.request.cache.impl.SCSServiceCacheFilter.handleRequest(SCSServiceCacheFilter.java:104)
       at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:58)
       at com.stellent.cis.server.api.scs.request.impl.SCSRequestExecutorProxy.execute(SCSRequestExecutorProxy.java:105)
       at com.stellent.cis.server.api.scs.impl.SCSCommand.executeViaProxy(SCSCommand.java:353)
       at com.stellent.cis.server.api.scs.impl.SCSCommand.executeRequest(SCSCommand.java:335)
  but the query text dDocTitle <contains> `What's New`
  works fine.
  Is there any escape character that I should be using for the single quote when we use <matches> operator?
  Facing the same issue when searching from the content server console.
  Any idea!
  Thanks,
  Anil

  There seems to be none OOTB, but you can define it, see http://docs.oracle.com/cd/E25054_01/doc.1111/e10792/c05_search.htm#CHDIEECF

• Help with iWeb single file support

  Hi all. I'm trying to make a single file document with html support to use as a cover letter for potential employers, I understand that .mhtml is not supported, is there an alternative so I can combine my entire site into a single file for easy distribution?

  Open iWeb and go and publish your site from iWeb to your desktop and you then have one site folder, an index.html file and the assets file. Ditch the index and assets file and then you are just left with one site folder that has everything in it - so for a one page site you will have an index.html file, your one page.html and your one page folder, which contains the CSS for that page.
  Burn this one site folder onto a DVD or however you want to distribute the site and both Mac and PC user will be able to open it with Safari, IE etc. As it is an html page it will open in a browser, so PC users will be able to see it.
  If you were sharing your site with other Mac users, you could distribute the domain.sites file and other Mac users could then open this with iWeb, but it then depends on what version they have too - if you have made your site with iWeb 09 and they have iWeb 08, then they would not be able to open the domain file, as iWeb is not backward compatible.
  Probably best to publish the site and distribute one site folder which everyone can get access to.

• Need help with a single line..

  ((Vector)accountChars.get((String)charAccounts.get((String)charNames.get(i)))).add((String)charNames.get(i));
  In this line...
  AccountChars is a Hashtable. It contains Vectors(as values) and Strings(as keys)
  charAccounts is a Hashtable. It contains Strings(as values) and Strings(as keys)
  charNames is a Vector. It contains Strings(as values)
  I'm trying to add a String into a Vector that is inside a Hashtable, but I get NullPointerExceptions when trying to execute it... Can anyone help?

  well breaking it up that way is enough, because the
  error is being generated on this line:
  entry.add((String)charNames.get(i));The two things in that line that can throw that exception are: charNames being null, or entry being null. Considering neither of these are instanciated in this line, then the problem isn't actually with this line. The problem is that one of those objects has a null pointer reference. You'll have to go through your code and make sure all of them are instanciated or set to a reference that ins't null. Using the "new" keyword is one way to do this.

• Report handling names with a single quote

  Report 10gR2
  I have created a report and most of the functionality that i want is working as expected.
  I have a report where i am letting user enter their first name on one field and last name on another field in the parameter screen ( thats how it's stored in the database)
  If they enter any name with an aphostrophe , say D'Costa ( either first name or last name)
  then i get the below error
  REP-50003: Bad parameter: pfaction=http://.........
  I am using like keyword as seen below in the afterparam trigger and passing the parameter :p_where_last_name to the main sql query
       :p_where_last_name := ' AND UPPER( :last_name) LIKE (' ||''''||'%'||UPPER(:last_name)||'%'||''''||')' ;
  Whats the best approach to handle this issue
  Also is there a way to capture this error
  ' REP-50003: Bad parameter: pfaction=http://.........
  ' and display a message, if so where and how, please advise.
  thanks.
  Edited by: Forms_Reports_Beginner on Aug 13, 2009 1:52 PM

  I am not using form , it's just done in report, that is i am not calling the report from a form , just from a menu.
  :last_name is a report_paramter that i created on the report.
  you're right the first assignmnt is
  AND UPPER( db column) LIKE
  I have a paramter form on the report with a field last name and I am letting the user enter last name there which gets stored in the :last_name
  Edited by: Forms_Reports_Beginner on Aug 14, 2009 7:29 AM
  Edited by: Forms_Reports_Beginner on Aug 14, 2009 7:32 AM
  Rodolfo,
  your solution works,
  :p_where_clause := ' AND UPPER( db_column ) LIKE (' ||''''||'%'||UPPER(Replace(:p_2,chr(39), chr(39)||chr(39)))||'%'||''''||')' ;
  but i dont quite understand how this is working
  Replace(:p_2,chr(39), chr(39)||chr(39))
  i have never used chr
  Edited by: Forms_Reports_Beginner on Aug 14, 2009 7:35 AM

• How do I replace one ' (Single Quote) with '' (Two single Quote)

  Hi,
  I have been surfing around the forum, coudn't find the similiar case.
  I have been trying but fail. Below is my code:
  activity = request.getParameter("activity");
  activity = activity.replace("\'", "\'\'");
  Error Occur:
  Incompatible type for method. Can't convert java.lang.String to char. activity = activity.replace("\'", "\'");
  I'm trying to use replaceAll(), but seem like the method is not existed, we are using Version Java 1.3
  Pls advise.
  Regards
  Ying

  For JDK 1.3 or ealier, use this:
    public static String replaceSubstrings(String str, String sub, String rep){
      int s, p, q;
      int slen = sub.length();
      StringBuffer sb = new StringBuffer();
      s = 0;
      p = str.indexOf(sub);
      q = p + slen;
      while (p != -1){
        sb.append(str.substring(s, p));
        sb.append(rep);
        s = q;
        p = str.indexOf(sub, s);
        if (p != -1){
          q = p + slen;
      sb.append(str.substring(s));
      return sb.toString();
  activity = replaceSubstrings(activity, "'", "''");

• Replace single quote with two single quotes

  Hi all,
  I have a value = ABCD'S(>@!23. i want to replace the value as ABCD''S(>@!23.
  Thanks in advance

  What is your database version ? Q operator works from 10G onwards.
  SQL*Plus: Release 10.2.0.1.0 - Production on Tue Nov 23 14:35:38 2010
  Copyright (c) 1982, 2005, Oracle.  All rights reserved.
  SQL> conn hr
  Enter password:
  Connected.
  SQL>  CREATE TABLE test_Q_operator(str VARCHAR2(30));
  Table created.
  SQL> INSERT INTO test_Q_operator VALUES('ABCD''S(>@!23');
  1 row created.
  SQL> INSERT INTO test_Q_operator VALUES('Saubhik''s test row');
  1 row created.
  SQL> commit;
  Commit complete.
  SQL> SELECT str,REPLACE(str,Q'[']',Q'['']') col2
    2  FROM test_Q_operator;
  STR
  COL2
  ABCD'S(>@!23
  ABCD''S(>@!23
  Saubhik's test row
  Saubhik''s test row
  SQL>Also check you SQL*PLUS client version.

• Dynamic SQL and Data with Single Quotes in it.

  Hi There,
  I have a problem in that I am using dynamic SQL and it happens that one of the columns does contain single quotes (') in it as part of the data. This causes the resultant dynamic SQL to get confused as the single quote that is part of the data is taken to mean end of sting, when in fact its part of the data. This leaves out a dangling single quote that was meant to enclose the string. Here is my dynamic SQL and the result of the parsed SQL that I have captured:
  ****Dynamic SQL*****
  l_sql:='select NOTE_TEMPLATE_ID '||
  'FROM TMP_NOTE_TEMPLATE_VALUES '||
  'where TRIM(LEGACY_NOTE_CODE)='''||trim(fp_note_code)||''' '||
  'and TRIM(DISPLAY_VALUE)='''||trim(fp_note_text)||''' ';
  execute immediate l_sql INTO l_note_template_id;
  Because the column DISPLAY_VALUE contains data with single quotes, the resultant SQL is:
  ******PARSED SQL************
  select NOTE_TEMPLATE_ID
  FROM TMP_NOTE_TEMPLATE_VALUES
  where TRIM(LEGACY_NOTE_CODE)='INQ' and TRIM(DISPLAY_VALUE)='Cont'd'
  And the problem lies with the single quote between teh characters t and d in the data field for DISPLAY_ITEM. How can I handle this?
  Many thanks,

  I have been reliably informed that if one doesn't enclose char/varchar2 data items in quotes, the right indices may not be usedI am into oracle for past 4 years and for the first time i am hearing this.
  Your reliable source is just wrong. Bind variables are variables that store your value and which are used in SQL. They are the proper way to use values in your SQL. By default all variables in PL/SQL is bind variable.
  When you can do some thing in just straight SQL just do it. Dynamic SQL does not make any sense to me here.
  Thanks,
  Karthick.

• URGENT  update a table with a text that has a single quote in it

  Hello, I am trying to update a table with a text that has a single quote in it. I believe I need to use two singles quotes but I am not sure how.
  For example:
  UPDATE TEST
  SET DESCRLONG='Aux fins d'exportations'
  WHERE etc...
  Should I put 2 singles quotes before the quote in the text?
  UPDATE TEST
  SET DESCRLONG='Aux fins d'''exportations'
  WHERE etc...
  Thank you very much :)

  The best way depends on the version of Oracle.
  But, the quick and universal answer is to use two single quotes
  SQL> connect test/test
  Connected.
  SQL> create table test (descrlong varchar2(128));
  Table created.
  SQL> insert into test values ('This is a string with a '' single quote');
  1 row created.
  SQL> select * from test;
  DESCRLONG
  This is a string with a ' single quote
  SQL> update test set descrlong='Aux fins d''exportations'
    2  where descrlong like 'T%';
  1 row updated.
  SQL> select * from test;
  DESCRLONG
  Aux fins d'exportations
  SQL>