FYI: Single Quote in column comment problem

SQL Developer Version 1.1.0.23 on Windows XP
If you have a single quote in a column comment and you click on the SQL tab for the table it does not generate two single quotes for each quote in the comment. This generates a syntactically incorrect COMMENT ON COLUMN statement and messes up the rest of the generated statements.
Mike

I am just too far into my project...and it is my first one (it is quite a big project ),and going back to preparedstatement will be quite time consuming.
So indirectly,there is no one statement or inbuilt java methods which takes care of this quote ? I wish there was.
Thanks.

Similar Messages

Copying a table with the right-click menu in schema browser fails to copy comments when string has single quote(s) (ascii chr(39))

Hi,
I'm running 32-bit version of SQL Developer v. 3.2.20.09 build 09.87, and I used the built in context menu (right-clicking from the schema browser) today to copy a table. However, none of the comments copied. When I dug into the PL/SQL that the menu-item is using, I realized that it fails because it doesn't handle single quotes within the comment string.
For example, I have a table named WE_ENROLL_SNAPSHOT that I wanted to copy as WE_ENROLL_SNAPSHOT_V1 (within same schema name)
1. I right-clicked on the object in the schema browser and selected Table > Copy...
2. In the pop-up Copy window, I entered the new table name "WE_ENROLL_SNAPSHOT_V1" and ticked the box for "Include Data" option. -- The PL/SQL that the menu-command is using is in the "SQL" tab of this window. This is what I extracted later for testing the issue after the comments did not copy.
Result: Table and data copied as-expected, but no column or table comments existed.
I examined the PL/SQL block that the pop-up window issued, and saw this:
declare
l_sql varchar2(32767);
c_tab_comment varchar2(32767);
procedure run(p_sql varchar2) as
begin
     execute immediate p_sql;
end;
begin
run('create table "BI_ETL".WE_ENROLL_SNAPSHOT_V1 as select * from "BI_ETL"."WE_ENROLL_SNAPSHOT" where '||11||' = 11');
select comments into c_tab_comment from sys.all_TAB_comments where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT' and comments is not null;
run('comment on table BI_ETL.WE_ENROLL_SNAPSHOT_V1 is '||''''||c_tab_comment||'''');
for tc in (select column_name from sys.all_tab_cols where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT')
    loop
   for c in (select comments from sys.all_col_comments where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT' and column_name=tc.column_name)
   loop
   run ('comment on column BI_ETL.WE_ENROLL_SNAPSHOT_V1.'||tc.column_name||' is '||''''||c.comments||'''');
end loop;
end loop;
EXCEPTION
WHEN OTHERS THEN NULL;
end;
The string of the table comment on WE_ENROLL_SNAPSHOT is this:
WBIG table of frozen, point-in-time snapshots of Enrolled Students by Category/term/pidm. "Category" is historically, and commonly, our CENSUS snapshot; but, can also describe other frequencies, or categorizations, such as: End-of-Term (EOT), etc. Note: Prior to this table existing, Census-snapshots were stored in SATURN.SNAPREG_ALL. All FALL and SPRING term records prior-to-and-including Spring 2013 ('201230') have been migrated into this table -- EXCEPT a few select prior to Fall 2004 (200410) records where there are duplicates on term/pidm. NO Summer snapshots existed in SNAPREG_ALL, but were queried and stored retroactively (including terms prior to Spring 2013) for the purpose of future on-going year-over-year analysis and comparison.
Note the single quotes in the comment: ... ('201230')
So, in the above PL/SQL line 11 grabs this string into "c_tab_comment", but then line 12 fails because of the single quotes. It doesn't know how to end the string because the single quotes in the string are not "escaped", and this messes up the concatenation on line 12. (So, then no other column comments are created either because the block throws an error, and goes to line 22 for the exception and exits.)
When I modify the above PL/SQL as my own anonymous block like this, it is successful:
declare
c_tab_comment VARCHAR2(32767);
begin
SELECT REPLACE(comments,chr(39),chr(39)||chr(39)) INTO c_tab_comment FROM sys.all_TAB_comments WHERE owner = 'BI_ETL'   AND table_name = 'WE_ENROLL_SNAPSHOT' AND comments IS NOT NULL;
EXECUTE IMMEDIATE 'comment on table BI_ETL.WE_ENROLL_SNAPSHOT_V1 is '''||c_tab_comment||'''';
for tc in (select column_name from sys.all_tab_cols where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT')
    loop
   for c in (select REPLACE(comments,chr(39),chr(39)||chr(39)) comments from sys.all_col_comments where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT' and column_name=tc.column_name)
   loop
   EXECUTE IMMEDIATE 'comment on column BI_ETL.WE_ENROLL_SNAPSHOT_V1.'||tc.column_name||' is '||''''||c.comments||'''';
end loop;
end loop;
EXCEPTION
WHEN OTHERS THEN NULL;
end;
On lines 4 and 8 I wrapped the "comments" from sys.all_tab_comments and sys.all_col_comments with a replace command finding every chr(39) and replacing with chr(39)||chr(39). (On line 8 I also had to alias the wrapped column as "comments" so line 10 would succeed.)
Is this an issue with SQL Developer? Is there any chance that the menu-items can handle single quotes in comment strings? ... And, of course this makes me wonder which other context menu commands in the tool might have a similar issue.
Thoughts?
thanks//jacob

PaigeT wrote:
I know about quick drop, but it isn't helpful here. I want to be able to right click on a string or array wire, navigate to the string or array palette, and select the corresponding "Empty?" comparator. In this case, since I do actually know where those functions live, and I'm already using my mouse to right click on the wire, typing ctrl-space to open quick drop and then typing in the function name is actually more work than navigating to it in the palette. It would just be nice to have it on hand in the location I naturally go to look for it the first time.
I don't agree with this work flow. Right hand on mouse, left hand on home keys. Pressing CTRL + Space is done with the left hands, and then you could assign "ea" to "Empty Array" both of which is accessible with the left hand. Darren posted a bunch of great shortcuts for the right handed developer.
https://decibel.ni.com/content/docs/DOC-20453
This is much faster than waiting for any right click menu navigation, even if it is found in the suggested subpalette.
Unofficial Forum Rules and Guidelines - Hooovahh - LabVIEW Overlord
If 10 out of 10 experts in any field say something is bad, you should probably take their opinion seriously.

Single Quote problem with javascript

Hello;
I have a custom popup search page that work very well most times. if the data that I am passing back to me calling page has a single quote in it the popup page fails. Take a look at this URL that is called and you van see why the single quote is causing the problem.
javascript:passBackSearch('413','TOM'S GRILL')

To make it more clear, it should be
javascript:passBackSearch('413',"TOM'S GRILL") Patrick
My APEX Blog: http://inside-apex.blogspot.com
The ApexLib Framework: http://apexlib.sourceforge.net
The APEX Builder Plugin: http://sourceforge.net/projects/apexplugin/

Mssql single quote problem!

Hi,
I user servlet to update MS SQL2000. My problem is there is a single quote inside a text string!
I can't use double quote for string, as it is not a valid statement for MSSQL. I need to use single quote, but there is single quote inside the string, how can I handle the string?
String mstrnig="I'm a boy";
String mSQL = "UPDATE news SET " + "title='" + mstring + "' WHERE code =" + mcode;
Thanks

the cleanest and easiest soln is to use preparedStatement.
PreparedStatement ps = con.prepareStatement("update table comment=? where id = ?");
ps.setString(1,"That's way to do it");
ps.setInt(1,8);//some itn value
ps.execute();

Column Template conditions foiled by a single quote

I am using a generic column template and have a few pl/sql conditions to shade different rows like so:
'#1' like '%Total%'This worked fine until an employee's name appeared in the first column with a single quote in his last name (like O'Brien). Well apparently Apex literally takes whatever is in the field and just shoves it in between the single quotes because the single quote is terminating the string as if you were doing this in sql instead of making it a bind variable:
'O'BRIEN' like '%Total%'Which results in this friendly message to the users:
ORA-06550: line 1, column 65: PLS-00103: Encountered the symbol "BRIEN" when expecting one of the following: ) , * & | = - + < / > at in is mod remainder not rem => .. <> or != or ~= >= <= <> and or like LIKE2_ LIKE4_ LIKEC_ as between from using || multiset member SUBMULTISET_
Error ERR-1025 Error processing PLSQL expression. 'O'BRIEN, JOHN P ' like '%Total%' Can someone from the Apex team confirm that this is the issue? I know I could do a replace on the single quote in my sql, but can't figure out how to escape the '#1#' properly so I don't have to do a replace. I also don't really want to use the Carl Backstrom approach of having to code in a class into the sql when these templates work for 99% of what I need to do.
Any ideas?

Dude you rock! I tried about 6 different combos of the q function before I got frustrated and posted. I had too many quotes in mine I guess but that works perfectly.
Thanks again!

XML invalid character - a single quote problem

Hi, I am reading in an xml file, then write the file to output. The problem is that the input file has a strange single quote character [ *�* ] - lets call it single quoate A, which is different from [ *'* ] , that is the key next to the [ ; ] key on an English keyboard - lets call it single quate B. And in fact there isnt a key to input single quote A, I guess the appearance of single quote A is due to encoding.
If I open the input xml file in browser, it works ok and displays the single quote A.
Once I read in the xml file into memory, by debugging I can still see that single quote A is corrected encoded;
However once I rewrite the same content to output, the single quote A character is changed, and if i open the file in browser, it says 'invalid character' because single quote A were changed when written to output and cannot be rendered.
Both input and output xml are using UTF-8 encoding. How can I solve this problem please?
The xml file looks:
<?xml version="1.0" encoding="UTF-8" ?>
<content>....1980�s (Peacock and Williams, 1986; Keay, 1984)</content> My code for reading
String _xquery ="//content/text()";
Document _xmlDoc= DocumentBuilderFactory.newInstance().newDocumentBuilder().parse("myxml.xml");
XPath _xpath = XPathFactory.newInstance().newXPath();
NodeList nodes = (NodeList) _xpath.compile(query).evaluate(_xmlDoc, XPathConstants.NODESET);
List<String> res = new ArrayList<String>(nodes.getLength());
for (int i = 0; i < nodes.getLength(); i++) {
res.add(nodes.item(i).getNodeValue());
String valueToOuput=res.toString() //this is the value to be output to xml, it shoud look like "[....1980�s (Peacock and Williams, 1986; Keay, 1984)]"my code for writing xml
Element root=new Element("root");;
Element content= new Element("output-content")
content.setText(valueToOutput);
root.addContent(content);
PrintWriter writer = new PrintWriter(new FileWriter(f));
new XMLOutputter().output(domDocument, writer);
writer.close();

Hi, sorry I have fixed the problem... instead of using PrintWriter, I used Fileoutputstream, and it solved the problem. Thanks!

RWRUN60: Problem with parameter value containing space between single quote

Hi All
I'm using RWRUN60 to generate my report by following way:
C:\orant\BIN\RWRUN60.EXE userid=DBUser/dbpasswor@db BACKGROUND="NO" BATCH="YES" DESFORMAT="pdf" DESNAME="C:\report.pdf" DESTYPE="FILE" ORIENTATION="LANDSCAPE" PARAMFORM="NO" P_REPORTID="2431" P_REPORTNAME="Report Name" report="C:\report.rdf" P_WHERE="StartDate>=to_date('2011-07-14 10-37-00','YYYY-MM-DD HH24-MI-SS')"
When I tried to run given command above nothing was executed executed and any log didnt created.
I found out that problem occurs when text between two single quotes contains spaces. In my case it is a parameter P_WHERE. I need to keep such format because it is part of report query.
When I removed last parameter from command RWRUN60 successfully genereate pdf document.
Further I added new test parameter P_TEST(it is ignored by rdf) in the end of command line following:
P_TEST="test '11'" - rwrun60 generates report
P_TEST="test '1 1'" - rwrun60 doesn't; generate report
Can somebody help how to resolve given problem. Is it parsing bug or what else?

Spaces on command lines a very often a bad idea. Get rid of them by changing the command, e.g.:
to_date('2011-07-14:10-37-00','YYYY-MM-DD:HH24-MI-SS')

Embedded Single Quote in SQL Column truncates Java String

I have a jsp web page that queries a database to see what day a user is registered for and then produces an URL for the user to click on. My problem is that the URL being processed stops when an embedded single quote is encountered.
Here is the database side:
Database side:
Create Table registration
(reg_id int not null,
name varchar2(45) not null,
day_nb int not null);
Insert into registration
(reg_id, name, day_nb)
values (1043,'Johnny''s Diner', 1);
Select name, day_nb from registration
where reg_id = 1043;
name, day_nb
Johnny's Diner 1
Snippet of relevant java code: (JSP page)
<%
int day_nb = rs.getInt("day_nb");
String particpant_name = rs.getString("name");
System.out.println("registration.jsp: particpant_name = " + particpant_name);
%>
<td width="84%">
     <a
     href='<%=response.encodeURL("registrationHandler.jsp?"particpant_name="+ particpant_name + "&day_nb="+ day_nb)%>'><%=particpant_name%>
                              </a>
                         </td>
{code}
The following is printed to System.Out:
registration.jsp: particpant_name = Johnny's Diner
The code produces the following URL
http://www.mycompany.com/registrationHandler.jsp?particpant_name=Johnny
The response.encodeURL is stopping on the single quote contained in "Johnny's Diner"
The URL I want is:
http://www.mycompany.com/registrationHandler.jsp?particpant_name=Johnny's Diner&day_nb=1
How do I account for the embedded single quote so the code works properly? Thanks In Advance!

You really need to read up on [SQL Injection|http://en.wikipedia.org/wiki/SQL_injection] and [XSS/Cross-Site Scripting|http://de.wikipedia.org/wiki/Cross-Site_Scripting]. Both present massive security problems and your code seems prone to easily producing both.
For SQL Injection attacks the correct solution is to always use PreparedStatements with only hard-coded String (i.e. never use String concatenation to build SQL statements).
For XSS attacks the solution is a bit harder, but basically you need to learn never to trust user input (that includes user input that you've previously stored in the database!) and always escape what the user sent when you print it back out.

Single Quote causing problem in XPATH

The workflow was working fine until one of the fields had a single quote in the string and caused the update action to stall.
Using the Execute SQL query module I am updating data in an Oracle table. The query looks like this
UPDATE GSI_FEEDBACK_FORM_HEADERS
SET SITE_STREET = '{$ /process_data/xfaform/object/data/xdp/datasets/data/form1/Details/site_street $}',
SITE_STREET2 = '{$ /process_data/xfaform/object/data/xdp/datasets/data/form1/Details/site_street2 $}'
One of the forms had the street value
"Connah's Quay Deeside". I figured out that the single quote is causing the module to read it as the end of the XPATH, hence causing a "SQL command not ended properly" error.
Any suggestions to oversome this issue.
Aditya

No problem
It also:
Makes your SQL look much neater.
You can type in "test" values for the parameters, so that you can test your SQL statement and see the results.
Howard
http://www.avoka.com

Problem in insertion with string containing ' (single quote)

i have a text field in jsp.
when i submit the content need to be inserted/updated.
when the text field contains character's with single quote( ' )..
i am unable to insert/update values in database..
where as if the text field contains characters without single quote..there is no problem in Database insertion/updation.
i am using create statement .. and oracle database..
can any one help ...

The usual answer for this in the JDBC forum (where this should have been posted because it's completely about JDBC) is to use a PreparedStatement.

Problem with lookup-table and single quotes

SOA Suite 10.1.3.3. I have an ESB project with an XSLT map that uses orcl:lookup-table to translate values. I use this instead of lookup-dvm because I want non-IT users to manage the mappings without having access to the ESB Console.
According to the doco:-
G.1.79 lookup-table
orcl:lookup-table(table, inputColumn, key, outputColumn, datasource)
This function returns a string based on the SQL query generated from the parameters.
The string is obtained by executing:
SELECT outputColumn FROM table WHERE inputColumn = key
The problem I'm having is that it seems if "key" contains a single quote (i.e an apostrophe), then lookup-table fails to find the corresponding value - even though the value in table.inputColumn also contains the single quote.
I've put the incoming into an XSL variable, but to no avail.
<xsl:variable name="incoming">
<xsl:value-of select="/obj1:DEV_MESSAGE_TYP/DATA1"/>
</xsl:variable>
<xsl:variable name="dvm-text">
<xsl:value-of select="orcl:lookup-table('MYTABLE','INVAL',$incoming,'OUTVAL','ds/dev')"/>
</xsl:variable>
Are there any XSLT Gurus out there that have come across this or can think of ways around it?
Thanks in advance...
Regards,
Greg

Ok - the above was on the right track but wasn't 100% because it can't handle more than 1 single quote (apostrophe) in the input to lookup-table.
I've since found a better solution - an XSLT re-usable template that operates recursively and so can replace multiple occurances of single quotes. I've modified it to handle a null input value, otherwise lookup-table will just return the value of the first row in the lookup table - doh! The way I've done it below, if null is passed in, then null will be returned.
This goes at the top of your XSLT map file...

<xsl:template name="replace-string">
<xsl:param name="text"/>
<xsl:param name="from"/>
<xsl:param name="to"/>
<xsl:choose>
<xsl:when test="contains($text, $from)">
     <xsl:variable name="before" select="substring-before($text, $from)"/>
     <xsl:variable name="after" select="substring-after($text, $from)"/>
     <xsl:value-of select="$before"/>
     <xsl:value-of select="$to"/>
<xsl:call-template name="replace-string">
<xsl:with-param name="text" select="$after"/>
<xsl:with-param name="from" select="$from"/>
<xsl:with-param name="to" select="$to"/>
     </xsl:call-template>
</xsl:when>
<xsl:when test="$text=''">NULL</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$text"/>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
Then you call it from within the XSLT map as follows:-

<xsl:variable name="incoming">
<xsl:call-template name="replace-string">
<xsl:with-param name="text" select="inp1:myinputfield"/>
<xsl:with-param name="from">'</xsl:with-param>
<xsl:with-param name="to" select="'&apos;&apos;'"/>
</xsl:call-template>
</xsl:variable>
<xsl:variable name="dvm-text">
<xsl:value-of select="orcl:lookup-table('MYLOOKUPTABLE','INVAL',$incoming,'OUTVAL','ds/dev')"/>
</xsl:variable>

<xsl:choose>
<xsl:when test="$dvm-text=''">
<xsl:value-of select="inp1:myinputfield"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$dvm-text"/>
</xsl:otherwise>
</xsl:choose>
Much Thanks to everyone who shares information and methods on the Internet!
Cheers,
Greg

Importing excel files - problem with single quote

When importing excel files using 1.5, I can't get data with single quotes (') imported.
When I run the insert statement given in SQLPlus I get "ORA-01756: quoted string not properly terminated", which is different than the error that SQL Developer gives me (see below).
Also, I have a numeric value shown without a thousands comma-separator in the XLS file that I'm trying to load into a varchar2 field. But, the insert statements have added a thousands comma-separator which I don't want.
REM Error starting at line 1 in command:
REM INSERT INTO table (ID, NAME, CODE)
REM VALUES (2427407, 'Ed-u-care Children's Center', '73,000');
REM Error at Command Line:2 Column:37
REM Error report:
REM SQL Error: ORA-00917: missing comma
REM 00917. 00000 - "missing comma"
REM *Cause:
REM *Action:
One last thing, TOAD gives a way to automap columns chosen from XLS to the columns in the database. It sure would be nice to have this functionality in SQL Developer.
Thanks,
Steve

Did you consider both to be bugs (i.e., single quote issue and thousands comma separator issue)?
Thanks

Single quot problem

Hi friends
Under given code is written in JSP page and passing userid in servlet
document.form1.action="../servlets/myServelt?userid=abc'"Please check abouve line last character is double quout(") and second last character is single quot ( ' ).
my problem is when i pass user id in servlet i got questation mark instead of single quot.
I have to allow single quot in userid due to some reason. so i can't remove single quot.
please help me how can i got single quot instead of questation mark ?
Thanks
virendra

I don't think you are allowed to pass a single quote (apostrophe) over URLs. Web standards limit the characters that are allowed to be used to make room for protocol features.
My guess is that you will need to URLEncode the string:
<% String encodedGoTo = URLEncode("../servlets/myServelt?userid=abc'", "UTF-8"); %>
document.form1.action="<%=encodedGoTo%>";

Single quote problem

Hi everyone,
I'm new to sql/plsql and having problems with the following
and1 := ' AND CS.COMPANY_NAME LIKE ''% ' || 'information' || ' %'' ';
or1 := ' OR CS.COMPANY_NAME LIKE '' || 'information' || ' %'' ';
or2 := ' OR CS.COMPANY_NAME LIKE ''% ' || 'information' || '' ';
dbms_output.put_line(and);
dbms_output.put_line(or1);
dbms_output.put_line(or2);
and1,or1, or2 are declared as varchars. Its giving the following error for the second line (or1):
83/43 PLS-00103: Encountered the symbol "information" when expecting
one of the following:
. ( * @ % & = - + ; < / > in mod not rem an exponent (**)
<> or != or ~= >= <= <> and or like between is null is not ||
is dangling
Any help is greatly appreciated.

Hi Alex,
Here is what im trying to do. I am trying to loop through the tokens in company name (compName) in the below example. Lets say compName is 'company information', I need to have the following clauses in my query:
AND ( CS.COMPANY_NAME LIKE '% company % '
OR CS.COMPANY_NAME LIKE 'company %'
OR CS.COMPANY_NAME LIKE '% company' )
AND ( CS.COMPANY_NAME LIKE '% information % '
OR CS.COMPANY_NAME LIKE 'information %'
OR CS.COMPANY_NAME LIKE '% information' )
At the moment I only have the and clauses and am missing the or clauses. I was having trouble with single quotes and posted the original problem to get a better idea of what was going on. I am completely new to this. Here's the code:
     WHILE end_pos <> 0 LOOP
          end_pos := instr(compName ,' ',start_pos);
          IF end_pos <> 0 THEN
          token_count := token_count + 1;
          token := substr(compName , start_pos, end_pos - start_pos);
          vSQL := vSQL || ' AND CS.COMPANY_NAME LIKE ''% ' || token || ' %'' ';
                    start_pos := end_pos + 1;
               END IF;
          END LOOP;
          IF token_count = 0 THEN
               token_count := 1;
               token := compName ;
               vSQL := vSQL || ' AND CS.COMPANY_NAME LIKE ''% ' || token || ' %'' ';
               ELSE
               token_count := token_count + 1;
               token := substr(P_COMP_BUS_NAME, start_pos);
               vSQL := vSQL || ' AND CS.COMPANY_NAME LIKE ''% ' || token || ' %'' ';
          END If;
Any help or advice is welcome and appreciated.

Problem with single quote when exporting insert statement

Hi
I'm using Oracle SQL Developer 2.1.1.64 on Ubuntu 10.04. I got some records which has single quote in it.
For example,
Let says Table '*TABLE_A*' has varchar2 column called '*COL_A*'.
And there is only one record in the table and the value is:
his friend's dog name is dog.
When I export that table data to insert statement, i got this:
Insert into TABLE_A (COL_A) VALUES ('his friend's dog name is dog.');
As you can see friend's is wrong, it should be friend''s instead. (note the double single quotes).
Anyone knows how to fix this please?

Yes - that's a bug. But probably not what you're expecting.
Mind you really can't use "normal" SQL on LOBs, because they're just too big to fit in the statements.
You should export and import them through e.g. the DBMS_LOB package.
I do remember some request on the SQL Developer Exchange to automate this, so go vote there to add weight for future implementation.
So the bug is that the column's fields should all yield NULL inside the INSERTs.
Regards,
K.

FYI: Single Quote in column comment problem

Similar Messages

Maybe you are looking for