Escape comment special characters

Hi all,
I need to enter a varchar value wich contains a comment special characters (--) : var mystring := '--'; How can I achieve this ? Thanks in advance.
Best regards,
Othman.

What is a your exact problem?
SQL> set serveroutput on
SQL> DECLARE
2    string varchar2(10);
3 BEGIN
4    string := '--'; -- the characters after the comment characters are interpreted as comments.
5    dbms_output.put_line(string);
6 END;
7 /
PL/SQL procedure successfully completed.In here, '--' after 7th line is output of dbms_output.put_line(string).

Similar Messages

Special characters in utl._url.escape

Hi I am using httpuri for google translator to convert into different languages.
While passing the string, to escape the white spaces, I am using utl_url.escape . But many of my words contain special characters like '+ , @ , $ , ) ,. ,; [, ] etc.
Not sure how to pass these special characters in uri type.
httpuritype
              ('http://translate.google.com/?hl=' ||
                p_from || '&layout=1&eotf=1&sl=' || p_from ||
                '&tl=' || p_to || '&text=' ||
               utl_url.escape (p_words) || '#').getclob();few of my words for translation are
VALERIANA OFFICINALIS L. + HYPERICUM PERFORATUM L. + MELISSA OFFICINALIS L.
VALERIANA OFFICINALIS L. + HYPERICUM PERFORATUM L. + [ MELISSA OFFICINALIS] L.
please advise me how to pass these special characters to the URL.

I am using the below mentioned tranlation function to translate into different languages
/* Formatted on 16/08/2012 21:55:39 (QP5 v5.215.12089.38647) */
CREATE OR REPLACE FUNCTION translator (p_words   IN CLOB, -- words to be translated
                                       p_to      IN VARCHAR2, -- language to translate to
                                       p_from    IN VARCHAR2) -- language to translate from
   RETURN CLOB
AS
   l_uritype   CLOB;
   l_result    CLOB;
BEGIN
   l_uritype :=
      httpuritype (
            'http://translate.google.com/?hl='
         || p_from
         || '&layout=1&eotf=1&sl='
         || p_from
         || '&tl='
         || p_to
         || '&text='
         || UTL_URL.escape (p_words)
         || '#').getclob ();
   l_result :=
      REGEXP_SUBSTR (
         l_uritype,
         '<span id=result_box class="short_text"><span[^>]*>(.*)</span></span>',
         1,
         1,
         'i',
         1);
   RETURN l_result;
END translator;
If i pass input with spl characters - like $ % & + etc - its all getting omited and its not getting translated because i am using UTL_URL.escape (p_words). This is escaping the special characters. But my req is to include those spl character and to get the output.
converting from german to english
select translator ('VALERIANA% OFFIC$INALIS L. + HYPERIC+$UM', 'en' , 'de' ) from dual;
without using the spl chars - program working fine.....
but if i use spl character i am not gettting o/.p
Edited by: 950814 on 30 Aug, 2012 7:48 PM

Escape special characters in url for redirection

In my web page, I want all the characters of the URL to be lower case. For that I created the following method:
private bool UrlFormatoCorrecto(string url)
bool formatoCorrecto = true;
bool upperCa = url.Any(c => char.IsUpper(c));
if (url.Any(c => char.IsUpper(c)))
formatoCorrecto = false;
if (url.Contains(" ") || url.Contains("+"))
formatoCorrecto = false;
return formatoCorrecto;
This works like a charm until a special character appears. The url that I get then will be the following:
http://localhost/web/coches/proven%C3%A7a-aribau,-08036-barcelona,-barcelona
So I have upper case characters. When I redirect it using the following code:
if (!UrlFormatoCorrecto(urlActual))
Response.RedirectPermanent(urlActual.Replace(" ", "-").Replace("+", "-").ToLower());
I get the code again with the same URL with upper case. How can I escape the special characters so they won't bother me anytime I want to make the redirection?

hello,
you could escape special caracters with :
Regex.Escape Method
Regards
Cédric

Create an InitialContext with a password containing special characters?

Hi there,
I' trying to run the InitialContextExample with WLS 5.1. It works fine as long
as I use my userId
and a password that contains no special characters. If I try to run the example
with another userId and a password
that contains any special characters the server returns that I have entered a
wrong username or password.
I'm trying to get this done by th following command:
java examples.jndi.InitialContextExample t3://localhost:7001 max $test$
My weblogic.properties file looks like this:
# CORE SECURITY-RELATED PROPERTIES
# Read important information about security at:
# http://www.weblogic.com/docs51/admindocs/properties.html
# REQUIRED: The system password MUST be set in order to start the
# WebLogic Server. This password is case-sensitive, at least 8 characters.
# The username for the privileged user is ALWAYS "system".
# This username and password also includes httpd access (see
# HTTPD properties below).
weblogic.password.rme=mypass
weblogic.password.max=$test$
Propaby I have to escape this special characters, but how do I have to do this?
I did not find anything in the examples!
Thanks for your help.
Ralf

Oops. I was in fact entering the wrong password! It does work.

How to insert special characters in pdf comments

Now, we are ready to go "no paper" workflow, and so mark anything on pdf file, but we cannot insert most of special characters in PDF comments. Same as here, and the xml entity is "&PSgr;", "how to archive it?

>what the Character Map is?
You don't know how to use Google?
Character map is a standard part of Windows for using special
characters with any program.
In Windows XP, Start > All Programs > Accessories > System Tools >
Character Map.
Aandi Inston

How to escape special characters in Simple Transformation

Hi Experts,
I have got a problem to get a well formed xml document from the below simple transformation. The content of maktx contains
special characters like & <, which are not allowed in a well formed XML-Document. But the result of the Simple Transformation
contains this charcters even after the transformation as you can the in the result below. Has anyone a hint how to escape the
characters included in the maktx.
The transformation for maktx, should be something like
Before: Material & < TEST
After: Material &amp &lt TEST
Report wihich calls the simple transformation
types:
BEGIN OF t_mat,
   matnr type matnr,
   maktx type maktx,
end of t_mat.
Data:
mat type t_mat,
xml_stream type xstring.
START-OF-SELECTION.
mat-matnr = '4711'.
mat-maktx = 'Material & < Test'.
CALL TRANSFORMATION ztest_st2
        SOURCE mat = mat
        RESULT XML xml_stream.
CALL FUNCTION 'DISPLAY_XML_STRING'
EXPORTING xml_string = xml_stream.
Simple Transformation
<?sap.transform simple?>
<tt:transform xmlns:tt="http://www.sap.com/transformation-templates">
<tt:root name="MAT"/>
<tt:template>
    <Leistungsschild>
        <CHARACT> MATNR </CHARACT>
        <CHARACT_DESCR> Materialnummer </CHARACT_DESCR>
        <VALUE tt:value-ref="MAT.MATNR"/>
        <CHARACT> MAKTX </CHARACT>
        <CHARACT_DESCR> Materialkurztext </CHARACT_DESCR>
        <VALUE tt:value-ref="MAT.MAKTX" />
    </Leistungsschild>
</tt:template>
</tt:transform>
RESULT
<?xml version="1.0" encoding="utf-8" ?>
<Leistungsschild>
<CHARACT>MATNR</CHARACT>
<CHARACT_DESCR>Materialnummer</CHARACT_DESCR>
<VALUE>4711</VALUE>
<CHARACT>MAKTX</CHARACT>
<CHARACT_DESCR>Materialkurztext</CHARACT_DESCR>
<VALUE>Material & < Test</VALUE>   </Leistungsschild>

Hi Sandra,
First of all thaks for your quick answer to my problem.
I see what you mean and get the same result, if I am using data-type string instead of xstring. But the recommendation in the XML-Books of SAP is to use XSTRING to save memory and circumflex problems between Codepages, when writing the XML-Stream to a filesystem.
As you can see in the code abvoe I am using a SAP-FM to display the XML-Stream and this FM works only with XSTRING´s,
that is one reason why I don´t understand that it displays it in the wrong way.
Even the Debugger shows me for the XSTRING the wrong result. Does all that mean that the escaping will not be applyed if you are working with XSTING´s??

How to escape or remove the special characters in the xml element by regula

Hi members,
How to escape or remove the special characters in the xml element by regular expression in java??
For Example ,
<my:name> aaaa </my:name>
<my:age> 27 </my:age>
In the above example , i have to retrieve the value of the <my:name> Element(For examlpe -- i have to get "aaaa" from <my:name> tag)...
How to retreive this value by using DOM with XPATH in java
Thanks in Advance

Hi members,
I forget to paste my coding for the above question....This is my coding......In this display the error...... Pls reply ASAP.......
PROGRAM:
import java.io.IOException;
import java.util.Hashtable;
import java.util.Map;
import org.w3c.dom.*;
import org.xml.sax.SAXException;
import javax.xml.parsers.*;
import javax.xml.xpath.*;
public class DOMReaderForXMP {
     static Document doc;
     static XPath xpath;
     static Object result;
     static NodeList nodes;
     public DOMReaderForXMP() throws ParserConfigurationException, SAXException,
               IOException, XPathExpressionException {
          DocumentBuilderFactory domFactory = DocumentBuilderFactory
                    .newInstance();
          domFactory.setNamespaceAware(true);
          DocumentBuilder builder = domFactory.newDocumentBuilder();
          doc = builder.parse("d:\\XMP.xml");
          XPathFactory factory = XPathFactory.newInstance();
          xpath = factory.newXPath();
     public static void perform(String path) throws Exception {
          result = xpath.evaluate(path, doc, XPathConstants.NODESET);
          nodes = (NodeList) result;
     public void check() throws Exception {
          perform("//my:name/text()");
          if (!nodes.item(0).getNodeValue().equals("application/pdf")) {
               System.out.println("Mathces....!");
ERROR:
Exception in thread "main" net.sf.saxon.trans.StaticError: XPath syntax error at char 9 in {/my:name}:
Prefix aas has not been declared

Strategies for escaping special characters.

Hi all,
Our app(built using Workshop) needs to have a generic way of scrubbing special
characters that a user might enter in the UI,and which might cause our sql that
queries the DB to become malformed. To explain further,some of our DB controls
are not using PreparedStatements to set Strings..instead, we are constructing
the sql as a java string like:
String myQuery="Select * from * where TOUPPER(name) like"+param.ToUpperCase().
and then we do:
Statement stmt=conn.createStatement();
stmt.executeQuery(myQuery).
In such cases, Oracle JDBC driver does not escape any special chars in the String
param,and fails.Other than converting all our queries to use PreparedStatements,
is there a generic pattern/Util class(mebbe RequestUtils) or some way of using
the Servlet Filter API to scrub out any special chars that are input by the user?
Thanks in advance.
Vik.

ServletFilter is the way to go on this one. Don't think there is anything built
into Servlet spec that handles these characters, however, there are a number of
sample filters that do such a task. I think there is a sample in either the O'Reilly
book on Servlets or Core Servlets.
"Vik" <[email protected]> wrote:
>
Hi all,
Our app(built using Workshop) needs to have a generic way of scrubbing
special
characters that a user might enter in the UI,and which might cause our
sql that
queries the DB to become malformed. To explain further,some of our DB
controls
are not using PreparedStatements to set Strings..instead, we are constructing
the sql as a java string like:
String myQuery="Select * from * where TOUPPER(name) like"+param.ToUpperCase().
and then we do:
Statement stmt=conn.createStatement();
stmt.executeQuery(myQuery).
In such cases, Oracle JDBC driver does not escape any special chars in
the String
param,and fails.Other than converting all our queries to use PreparedStatements,
is there a generic pattern/Util class(mebbe RequestUtils) or some way
of using
the Servlet Filter API to scrub out any special chars that are input
by the user?
Thanks in advance.
Vik.

SQL Injections and XSS - Escaping Special Characters

Hi, hope someone can help in regards to security and SQL Injections and XSS.
We are using APEX 4.0.2 on Oracle 11.2.0.2.
1. It seems the special characters we have entered into normal 'Text Items' 'Text Areas' etc are not being escaped (ie <,>,&, '). If I enter them into the field (ie Surname) they are saved as is into session state and the database - no escaping. Am I missing something such as an environment setting as I thought the "smart" oracle escaping rules would cater for this.
Surely I don't have to manually do each of then.
Just to confirm, am I looking in the correct places to assess if the characters are escaped or not - ie should they show as '&<>' in session state and/or the database ?
2. Also, for the Oracle procedures such as '‘wwv_flow.accept’ , ‘wwv_flow.show’ , 'wwv_flow_utilities.show_as_popup_calendar' - do these escape special characters. If not, then they must be vulnerable to SQL Injections attacks.
Thx
Nigel

Recx Ltd wrote:
Just to pitch in, escaping values internally (either in the database or session state) is extremely problematic. Data searches, string comparison, reporting and double escaping are all areas which suffer badly when you do this.
Stripping characters on input can also cause problems if not considered within the context of the application. Names such as "O'Niel", statistical output such as "n < 300", fields containing deliberate HTML markup can be annoying to debug. In certain situations stripping is totally ineffective and may still lead to cross-site scripting.
Apex applications that share the database with other applications will also be affected.
The database should contain 'raw' unfettered data and output should be escaped properly, as Joel said, at render time. Either with Apex attributes or using PLSQL functions such as htf.escape_sc() as and when required.Do not needlessly resurrect old threads. After a couple of months watches expire and the original posters are not alerted to the presence of your follow-up.
Shameless plug: If you are in the game of needing to produce secure Apex code, you should get in touch.This crosses the line into spam: it violates the OTN Terms of Use—see 6(j).
Promotional posts like this are liable to be removed by the moderators.

Escape special characters for OData response

Hi all,
I'm facing a problem on HTTP response when some special characters are in my entity fields.
For example I've got a Edm.String field which has characters like ###, ", < (two number signs ## are ok, but three invoke an error)
When I set output format to xml via URI parameter $format=xml, I get following error:
<message xml:lang="en">In the context of Data Services an unknown internal server error occured</message>
Exception /IWCOR/CX_DS_INTERNAL_ERROR in class /IWCOR/CL_DS_EP_WRITER_OUTPUT method /IWCOR/IF_DS_EP_WRITER_OUTPUT~WRITE and Line 39
If I use JSON as output format, HTTP response code is 200!!, but payload just ends on the character which cannot be interpreted:
(ABAP)-JSON generator can handle double quotes much better than XML format:
How can I escape these output strings, without adding chars which will appear in response payload?
Thanks,
Steffen

Hi Uwe & Ron,
thanks for your ideas, but maybe we're not talking about binary data?! This field is an example from TADIR table.
OData entity definition for this field:
Versid
Edm.String
0
0
20
ABAP field definition:
Data Type        CHAR - Character String
No. Characters       20
Decimal Places        0
Output Length        20
Convers. Routine    <empty>
Uwe did you mean another debugger view?
SE16 output for this line:
What if I want to store and receive data with these special chars like ####, ", <, >,... in a ABAP char field (respective OData Edm.String)?
Thanks,
Steffen

Howto escape special characters if using regexp_replace & regexp_substr

hello experts,
following test case
insert into querytest1 (d) values
('#1(170):[{"type":"FACEBOOK","count":0,"lastEdition":1382627403299},{"type":"GOOGLE","count":0,"lastEdition":1381825285002},{"type":"EMAIL","count":2,"lastEdition":1381826322925}] #2(0): #3(5):-3141 #4(5):-3141 #5(5):21804 #6(7):3890750 #7(3):s11');
select regexp_replace(d, REGEXP_SUBSTR (REGEXP_SUBSTR(d, '[^ ]+', 1, 1), '[^:]+', 1, 2 ),'') from querytest1;
ERROR at line 1:
ORA-12726: unmatched bracket in regular expression
proof that []{} special characters are the problem:
delete from querytest1;
commit;
-- insert data without special characters
insert into querytest1 (d) values ('#1(170):"type":"FACEBOOK","count":0,"lastEdition":1382627403299,"type":"GOOGLE","count":0,"lastEdition":1381825285002,"type":"EMAIL","count":2,"lastEdition":1381826322925] #2(0): #3(5):-3141 #4(5):-3141 #5(5):21804 #6(7):3890750 #7(3):s11');
select regexp_replace(d, REGEXP_SUBSTR (REGEXP_SUBSTR(d, '[^ ]+', 1, 1), '[^:]+', 1, 2 ),'') from querytest1;
REGEXP_REPLACE(D,REGEXP_SUBSTR(REGEXP_SUBSTR(D,'[^]+',1,1),'[^:]+',1,2),'')
#1(170)::"FACEBOOK","count":0,"lastEdition":1382627403299,:"GOOGLE","count":0,"lastEdition":1381825285002,:"EMAIL","count":2,"lastEdition":1381826322925,:"EMAIL","count":2,"lastEdition":1381826322925] #2(0): #3(5):-3141 #4(5):-3141 #5(5):21804 #6(7):3890750 #7(3):s11
so now it works because there are no special characters []{}
is there a way to escape them?
thank you in advance.

oraman wrote:
ok you're right I explain from the beginning.
create table t (q varchar2(4000), d varchar2(4000), result varchar2(4000));
insert into t (q,d) values ('#1(170):[{"type":"FACEBOOK","count":0,"lastEdition":1382627403299},{"type":"GOOGLE","count":0,"lastEdition":1381825285002},{"type":"EMAIL","count":2,"lastEdition":1381826322925}] #2(0): #3(5):-3141 #4(5):-3141 #5(5):21804 #6(7):3890750 #7(3):s11',
'UPDATE mytable set value=:1 , valuec=:2 , longvalue=:3 , doublevalue=:4 WHERE productattrnameid=:5 AND productid=:6   AND context=:7');
I would like to get the following:
select result from t;
UPDATE mytable set value='[{"type":"FACEBOOK","count":0,"lastEdition":1382627403299},{"type":"GOOGLE","count":0,"lastEdition":1381825285002},{"type":"EMAIL","count":2,"lastEdition":1381826322925}]' , valuec=NULL , longvalue=-3141 , doublevalue=-3141 WHERE productattrnameid=21804 AND productid=3890750   AND context='s11';
the logic is to get the auditing data as ready to execute queries.
It looks you want to include every parameter where parameter is a pattern prefixed by #p1(lenght):param_value #p2(lenght):param_value etc.
Something like this?
set line 1000
col txt format a200
with querytest1 as
select '#1(170):[{"type":"FACEBOOK","count":0,"lastEdition":1382627403299},{"type":"GOOGLE","count":0,"lastEdition":1381825285002},{"type":"EMAIL","count":2,"lastEdition":1381826322925}] #2(0): #3(5):-3141 #4(5):-3141 #5(5):21804 #6(7):3890750 #7(3):s11' d
from dual
select 'UPDATE mytable set value='''|| nvl(trim(regexp_substr (d,'#\d+$\d+$:([^# ]+)', 1, 1, null, 1 )), 'NULL')||''''
       || chr(10) ||'     , valuec='||nvl(trim(regexp_substr (d,'#\d+$\d+$:([^#]+)', 1, 2, null, 1 )), 'NULL')
       || chr(10) ||'     , longvalue='|| nvl(trim(regexp_substr (d,'#\d+$\d+$:([^#]+)', 1, 3, null, 1 )),'NULL')
       || chr(10) ||'     , doublevalue='||nvl(trim(regexp_substr (d,'#\d+$\d+$:([^#]+)', 1, 4, null, 1 )),'NULL')
       || chr(10) ||' WHERE productattrnameid='||regexp_substr (d,'#\d+$\d+$:([^#]+)', 1, 5, null, 1 )
       || chr(10) ||'   AND productid='||regexp_substr (d,'#\d+$\d+$:([^#]+)', 1, 6, null, 1 )
       || chr(10) ||'   AND context='''||regexp_substr (d,'#\d+$\d+$:([^#]+)', 1, 7, null, 1 )||''';' txt
from querytest1;
Result:
TXT
UPDATE mytable set value='[{"type":"FACEBOOK","count":0,"lastEdition":1382627403299},{"type":"GOOGLE","count":0,"lastEdition":1381825285002},{"type":"EMAIL","count":2,"lastEdition":1381826322925}]'
     , valuec=NULL
     , longvalue=-3141
     , doublevalue=-3141
WHERE productattrnameid=21804
   AND productid=3890750
   AND context='s11';
1 row selected.
I have a problem formatting the output in the forum but I hope you get it.
Regards.
Alberto

Special characters in XML (UTF8, escapes etc)

This may seem like a simple problem, but I'm kind of a slow learner, so any help would be appreciated.
I'm generating XML output via ordinary PL/SQL procedures i.e. not using the Oracle XSQL stuff. The data is built up into a XML document, which will be parsed within the server, then passed out to a client, probably as a CLOB.
The data may contain "special" characters such as "<&>" and so on. Is there an existing function to translate these into an "XML-safe" form within the text, or do I need to trap and translate them individually?
Also, the database may contain foreign characters e.g. Thai or Chinese. Will this be handled transparently by my XML-extraction stuff - which just selects the data from the tables and writes it to a CLOB inside XML tags - or do I have to do something to make sure the XML comes out in a safe UTF format?
Thanks,
Chris

use & instead of &
see http://www.w3.org/TR/2000/REC-xml-20001006#syntax

Urgent!!!!! escape special characters like -,& -

Hi
select prt_id from pr_prt where contains(prt_id,'04801\-')>0;
The above query returns foll
04801
04801-04051
I was expecting the result to be 04801-04051.
does any one hv any idea abt this?
This applies to all special characters if they are part of search string.
regards
priya
null

Interesting question...
The API says...
Quotation
\      Nothing, but quotes the following character
\Q      Nothing, but quotes all characters until \E
\E      Nothing, but ends quoting started by \QTry it... and please could you post your code when you're done... I might find it useful... and maybe I can even polish it a bit.... quid pro quo.
Cheers. Keith.

Replacing special characters from xml document/text inside element

Hi
Is there any way to replace the xml codes to special characters inside an entire xml document/ for a text in element.
I want to get the xml codes to get replaced to respective special character(for any special character)
Please see the sample xml xml element below
<Details>Advance is applicable only for < 1000. This is mentioned in Seller's document</Details>
Thanks in advance .. any help will be highly appreciated.

So, just to be sure I understand correctly, you want this :
<Details>Advance is applicable only for < 1000. This is mentioned in Seller's document</Details>
to be converted to :
<Details>Advance is applicable only for < 1000. This is mentioned in Seller's document</Details>
If so, I'll say again : the resulting XML document will be invalid.
Extensible Markup Language (XML) 1.0 (Fifth Edition)
The ampersand character (&) and the left angle bracket (<) MUST NOT appear in their literal form, except when used as markup delimiters, or within a comment, a processing instruction, or a CDATA section. If they are needed elsewhere, they MUST be escaped using either numeric character references or the strings " & " and " < " respectively. The right angle bracket (>) may be represented using the string " > ", and MUST, for compatibility, be escaped using either " > " or a character reference when it appears in the string " ]]> " in content, when that string is not marking the end of a CDATA section.
Ask whoever "they" are why they would want to work with not wellformed XML.

How to handle special characters in Apex

Hi ,
In my application I have two regions - one is Report Region (Interactive Report) and other one is HTML region with two text items - Empno and name
My Report has two columns Empno(varchar2) and Ename(varchar2).
When I click the edit link in the report column, the empno should have a read only EMPNO value and ename is a text field with ENAME value.
When I run my application I have encountered the following problems :
1. if my empno has special characters like ' # ', the characters after that is not getting displayed
2. if my empno has special characters like ',' - the characters after comma is treated as a next texitem value
Here is my credential ,
Workspace CTSAN_ORACLE_DB
Username [email protected]
Password lakshmi321
URL : http://apex.oracle.com/pls/apex/f?p=9444:19:4292839314890159:::::
Plz. suggest me how to rectify the above problems.
Thanks,
Anoo..
Edited by: Anoo on Aug 13, 2010 3:05 AM

Don't pass data values in URLs. Whilst it is possible to escape values to make them URL- and APEX parameter-safe, it is much better practice to avoid the problem altogether.
Create a surrogate primary key on the table that is an immutable discrete numeric identifier and only use this as a URL parameter. In target pages/regions, use this PK value to retrieve the required data from the table.

Escape comment special characters

Similar Messages

Maybe you are looking for