Passing value in procedure with single quotes intact

Similar Messages

• How to deal with single quote (') in a field value?

  I can successfully insert value with single quoet using
  Prepared statement with placeholder(?) construct .
  I can also successfuly use value with single quote(') in
  WHERE clause.
  My question is, is there a way to use string with single
  quote if a Statement like:
  String slqString ="INSERT INTO customers (name, address) VALUES ( 'O'Reilly Bob', 'St Mary's Street') ";
  Statement sqlStmt = con.createStatement();
  sqlStmt.executeUpdate(sqlString);
  The last statement will thow an SQLException because due to single quotes
  Any ideas?

  I think the question was regarding the ' in O'Reily. Use ' twice when using the Statement interface, i.e.
  ("O''Reilly Bob", "St Mary''s Street")
  So that's two single quotes, not a double quote, to successfully insert a single quote, if you know what I mean....
  But like you said PreparedStatement does things like this for you.

• Dynamic SQL and Data with Single Quotes in it.

  Hi There,
  I have a problem in that I am using dynamic SQL and it happens that one of the columns does contain single quotes (') in it as part of the data. This causes the resultant dynamic SQL to get confused as the single quote that is part of the data is taken to mean end of sting, when in fact its part of the data. This leaves out a dangling single quote that was meant to enclose the string. Here is my dynamic SQL and the result of the parsed SQL that I have captured:
  ****Dynamic SQL*****
  l_sql:='select NOTE_TEMPLATE_ID '||
  'FROM TMP_NOTE_TEMPLATE_VALUES '||
  'where TRIM(LEGACY_NOTE_CODE)='''||trim(fp_note_code)||''' '||
  'and TRIM(DISPLAY_VALUE)='''||trim(fp_note_text)||''' ';
  execute immediate l_sql INTO l_note_template_id;
  Because the column DISPLAY_VALUE contains data with single quotes, the resultant SQL is:
  ******PARSED SQL************
  select NOTE_TEMPLATE_ID
  FROM TMP_NOTE_TEMPLATE_VALUES
  where TRIM(LEGACY_NOTE_CODE)='INQ' and TRIM(DISPLAY_VALUE)='Cont'd'
  And the problem lies with the single quote between teh characters t and d in the data field for DISPLAY_ITEM. How can I handle this?
  Many thanks,

  I have been reliably informed that if one doesn't enclose char/varchar2 data items in quotes, the right indices may not be usedI am into oracle for past 4 years and for the first time i am hearing this.
  Your reliable source is just wrong. Bind variables are variables that store your value and which are used in SQL. They are the proper way to use values in your SQL. By default all variables in PL/SQL is bind variable.
  When you can do some thing in just straight SQL just do it. Dynamic SQL does not make any sense to me here.
  Thanks,
  Karthick.

• IN operator with single quotes

  Hi All,
  I am having problem dealing with Single Quotes with IN operator. Below procedure will explain my problem:
  create or replace procedure sp_countemp
  p_empnames       in   varchar2
  is
  v_cnt            integer:=0;
  BEGIN
  select count(*) into v_cnt from emp where ename in (p_empnames);
  DBMS_OUTPUT.PUT_LINE(v_cnt);
  END;I will be getting p_empnames as 'ALLEN','SMITH'
  But I am not getting any records here.
  Thanks,
  Danish

  Hope this helps..
  DECLARE
    TYPE strarray IS TABLE OF VARCHAR2(100);
    p_empnames STRARRAY;
    v_tot INTEGER :=0;
    v_cnt INTEGER := 0;
  BEGIN
    p_empnames := strarray('Allen','Smith');
    FOR i IN p_empnames.FIRST .. p_empnames.LAST LOOP
        SELECT COUNT(*) INTO v_tot FROM emp WHERE ename = p_empnames(i);
        v_cnt := v_cnt + v_tot;
    END LOOP; 
    DBMS_OUTPUT.PUT_LINE('Count '||v_cnt);
  END;
  Count 2

• Importing excel files - problem with single quote

  When importing excel files using 1.5, I can't get data with single quotes (') imported.
  When I run the insert statement given in SQLPlus I get "ORA-01756: quoted string not properly terminated", which is different than the error that SQL Developer gives me (see below).
  Also, I have a numeric value shown without a thousands comma-separator in the XLS file that I'm trying to load into a varchar2 field. But, the insert statements have added a thousands comma-separator which I don't want.
  REM Error starting at line 1 in command:
  REM INSERT INTO table (ID, NAME, CODE)
  REM VALUES (2427407, 'Ed-u-care Children's Center', '73,000');
  REM Error at Command Line:2 Column:37
  REM Error report:
  REM SQL Error: ORA-00917: missing comma
  REM 00917. 00000 - "missing comma"
  REM *Cause:   
  REM *Action:
  One last thing, TOAD gives a way to automap columns chosen from XLS to the columns in the database. It sure would be nice to have this functionality in SQL Developer.
  Thanks,
  Steve

  Did you consider both to be bugs (i.e., single quote issue and thousands comma separator issue)?
  Thanks

• How to concatenate a string with single quotes

  Hi all,
      how to concatenate a string with single quotes to a variable.
  Sathya

  Hi sathyabama,
  1. simple
  2. use TILDE character <b>(`)</b>
     (just left to the '1' key)
  <b> `'mystring'`</b>
  3. just copy paste
  report abc.
  data : m(100) type c.
  concatenate `'amit mittal'` 'hello' into m separated  by space.
  write m.
  regards,
  amit m.

• Firefox is replacing double quotes with single quotes.

  In WordPress and at other sites where I input and save text, Firefox is replacing double quotes with single quotes when I save. It's also showing double quotes as single quotes on websites. I tried uninstalling and reinstalling, and it's still happening.

  Do you have the needed font installed?
  *http://en.wikipedia.org/wiki/Punctuation

• RWRUN60: Problem with parameter value containing space between single quote

  Hi All
  I'm using RWRUN60 to generate my report by following way:
  C:\orant\BIN\RWRUN60.EXE userid=DBUser/dbpasswor@db BACKGROUND="NO" BATCH="YES" DESFORMAT="pdf" DESNAME="C:\report.pdf" DESTYPE="FILE" ORIENTATION="LANDSCAPE" PARAMFORM="NO" P_REPORTID="2431" P_REPORTNAME="Report Name" report="C:\report.rdf" P_WHERE="StartDate>=to_date('2011-07-14 10-37-00','YYYY-MM-DD HH24-MI-SS')"
  When I tried to run given command above nothing was executed executed and any log didnt created.
  I found out that problem occurs when text between two single quotes contains spaces. In my case it is a parameter P_WHERE. I need to keep such format because it is part of report query.
  When I removed last parameter from command RWRUN60 successfully genereate pdf document.
  Further I added new test parameter P_TEST(it is ignored by rdf) in the end of command line following:
  P_TEST="test '11'" - rwrun60 generates report
  P_TEST="test '1 1'" - rwrun60 doesn't; generate report
  Can somebody help how to resolve given problem. Is it parsing bug or what else?

  Spaces on command lines a very often a bad idea. Get rid of them by changing the command, e.g.:
  to_date('2011-07-14:10-37-00','YYYY-MM-DD:HH24-MI-SS')

• How to handle XML string with Single Quotes as a parameter to SP dynamically?

  Hi,
  I would like to know if there is a way to handle the Single Quotes in XML value when it is passed to Stored Procedure?
  I should be able to handle it without adding another Single Quote to it.
  Thanks,
  Chandra Shekar

  Hi Chandra,
  Your requirement is not precise. Based on my understanding and guessing, are you metioning something like the below sample?
  /*If the xml is generated you have no need to escape the singe quote(')*/
  DECLARE @xmlTbl TABLE (ID INT,name VARCHAR(99));
  INSERT INTO @xmlTbl VALUES(1,'Eric''s')
  INSERT INTO @xmlTbl VALUES(2,'Zhang''s')
  DECLARE @xmlDoc1 XML
  SELECT @xmlDoc1
  FROM @xmlTbl FOR XML PATH('PERSON'),ROOT('PERSONS')
  EXEC yourProcedure @xmlDoc1
  /*If your copy and paste the xml, you have to escape the single quote(') with 2s('')*/
  DECLARE @xmlDoc2 XML
  SET @xmlDoc2 = '<PERSONS>
  <PERSON>
  <ID>1</ID>
  <name>Eric''s</name>
  </PERSON>
  <PERSON>
  <ID>2</ID>
  <name>Zhang''s</name>
  </PERSON>
  </PERSONS>'
  EXEC yourProcedure @xmlDoc2
  If that is not regarding your requirement, please elaborate with more details.
  Eric Zhang
  TechNet Community Support

• How to copy item value that contain a single quote(')?

  Hi,
  I have one "Copy" button in a APEX form. When user clicks it, it simply copy the item's values from the form to a new form by using APEX provided function behind the button- "Set these item values with these values". It is simple and works fine in normal cases. However, see, we have a text field called "Product Details", user types in for example "Oracle's new vision". When I click COPY button, APEX try to copy the text in "Product Details" field from this form to a new form but it returns error because of that single quote. Is there any way I can do something to replace that single quote with two single quote like we usually do in PL/SQL in the place "Set these item values with these values" of APEX button? I tried REPLACE(#P66_PRODUCT_DETAILS#., '''', '''''') but not work. I saw someone in the forum meantioned that to use something like "/#P66_PRODUCT_DETAILS#/" to get around. Any one with success?

  Thanks. I think it should work this way. However, our form has about 20 ~30 text fields, I have to create 20~30 hiddle fields to handle the problem because I never know which field could contain a single quote. Ideally, a new version of APEX should have the functionality to deal with the problem when using "set values with those values" method. At least, it should provide some kind of interaction for user to get away from single quote or comma or column etc.
  What I did is to get out of APEX native function and to create a new records in background by PL/SQL using record id that passed in from APEX form. It works perfectly. Although, user can only edit the record after it is created, not as user friendly as "Copy first-look at it-edit it-then create it" I originally planed.
  Thanks for your help,

• Error with single quotes in open document function

  Hi all,
  I have an issue with the special characters using the open document function. I'm passing a name, and I'm using the URLEncode function, but it doesn't work for single quotes, it shows a javascript error. I tried with HTMLEncode and it works for single quotes, but not for the other special characters like @,+. I tried with both functions at the same time but it doesn't work either.
  Please let me know if you know how to solve it.
  Thanks,
  Marcela

  Hi Prashant,
  I did not work it works for single quotes only, but not for other special characters.
  This one doesn't work for single quotes
  ="<a href='../../scripts/openDocument.aspx?sType=wid&sDocName=Report_Name&sWindow=NEW&sReportName=Company Details&lsSPartner Id=" + [Partner Id] +"&lsSPartner Name=" + URLEncode([Partner Name]) +"'>View catalog</a>"
  This one doesn't work for special characters
  ="<a href='../../scripts/openDocument.aspx?sType=wid&sDocName=RP-DSPP-Company_Catalog_CORETEAM&sWindow=NEW&sReportName=Company Details&lsSPartner Id=" + [Partner Id] +"&lsSPartner Name=" + [Partner Name] +"'>View catalog</a>"
  Thank you,
  Marcela

• Incorrect SELECT statement with single quotes

  I am getting the following error trying to select a value from a database:
  SQLException caught: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'mod='Payroll''. Couldn't load driver:[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'mod='Payroll''.
  Here is the select statement code:
  PreparedStatement ps = con.prepareStatement("SELECT username FROM experts WHERE mod='"+mod+"'");
  I have tried all kinds of variations with the quotes, and single quotes but still get the same error...I know I'm on the right track but I can't seem to spot the error and was hoping someone else could??
  thanks in advance,
  chuk

  Hi,
  I tried that and now I get an even stranger syntax error which says "Syntax error (missing operator) in query expression 'mod=Pa_RaM000'."
  any ideas?

• Replacing " (double quote) with ' (single quote)

  Hi there,
  I have the following method to manipulate user input. All I want to do is, to replace the double quote with a single quote. The implementation I tried was,
  this.replace(desc, "\"", "'");
  This does not work for me. It jsut removes the double quote and does not introduces the single quote. Could any one please advise?
  Thanks,
  Des
  public static String replace(String line, String oldString, String newString) {
            if(line != null && oldString != null && newString != null) {
                 int index = 0;
                 while ((index = line.indexOf(oldString, index)) >= 0) {
                      line = line.substring(0, index) +
                           newString +
                           line.substring(index + oldString.length());
                      index += newString.length();
            return line;
       }

  Bad luck.. I am unable to get it still.
  This is the code I am using (implemetation is in a JSP. I am using this code to test it).
  public class Test{
  public static void main(String args[]){
       String s = args[0];
       Test t = new Test();
       String doubleQuote = "\"";
       System.out.println(" output :"+ t.replace(s,doubleQuote,"'"));
       //System.out.println(" output :"+ t.replace(s,"\"","'"));
       //System.out.println(" output :"+ t.replace('"', '\''));
  public static String replace(String line, String oldString, String newString) {
            if(line != null && oldString != null && newString != null) {
                 int index = 0;
                 while ((index = line.indexOf(oldString, index)) >= 0) {
                           System.out.println(" line count :");
                      line = line.substring(0, index) +
                           newString +
                           line.substring(index + oldString.length());
                      index += newString.length();
            return line;
  }mshn02
  The main problem is I am stuck with the server's version of Java (which I have no control on it). I could not use 1.4.2

• Problem with single quote when exporting insert statement

  Hi
  I'm using Oracle SQL Developer 2.1.1.64 on Ubuntu 10.04. I got some records which has single quote in it.
  For example,
  Let says Table '*TABLE_A*' has varchar2 column called '*COL_A*'.
  And there is only one record in the table and the value is:
  his friend's dog name is dog.
  When I export that table data to insert statement, i got this:
  Insert into TABLE_A (COL_A) VALUES ('his friend's dog name is dog.');
  As you can see friend's is wrong, it should be friend''s instead. (note the double single quotes).
  Anyone knows how to fix this please?

  Yes - that's a bug. But probably not what you're expecting.
  Mind you really can't use "normal" SQL on LOBs, because they're just too big to fit in the statements.
  You should export and import them through e.g. the DBMS_LOB package.
  I do remember some request on the SQL Developer Exchange to automate this, so go vote there to add weight for future implementation.
  So the bug is that the column's fields should all yield NULL inside the INSERTs.
  Regards,
  K.

• How can i insert values with single quote (')

  How can i insert a values like ABC's ?
  Edited by: LuKKa on Oct 6, 2010 12:48 PM

  LuKKa wrote:
  I want to insert like this :-
  INSERT INTO myTab values ('This is belong's to ABC's ');
  Then how can i do ?In a old style you can do this
  insert into mytab valeus('This is belong''s to ABC''s');