Problem in insertion with string containing ' (single quote)
I have a text field in a JSP.
When I submit, the content needs to be inserted/updated.
When the text field contains characters with a single quote ( ' ), I am unable to insert/update values in the database,
whereas if the text field contains characters without a single quote, there is no problem with database insertion/update.
I am using create statement and an Oracle database.
Can anyone help?
The usual answer for this in the JDBC forum (where this should have been posted because it's completely about JDBC) is to use a PreparedStatement.
Similar Messages
-
Binds with string containing double quotes
Hello there,
I have the following SELECT statement which is run from a Delphi application :
SELECT Customer, Last_Name
FROM Customer
WHERE UPPER(Last_Name) LIKE :last;
:last has the string value of Smith"a".
Is there a problem with binds and strings which contain double quotes?
If so, how can I fix this problem?
Thanks,
Mia
Hi
There is no problem in this example. The content of a bind variable is not part of syntax checking, so you can have any characters.
Regards
null -
Trouble with inserting a string containing a single quote
Using php with Oracle
If I do the following two lines before sending my $Query string through the parse function
$name = "Dominick's";
$Query = "INSERT INTO customers (name) values ('$name')";
it gives me the following error:
Warning: Ora_Parse failed (ORA-00917: missing comma -- while processing OCI function OPARSE)
If I try and force the single quote to be surrounded by double quotes and therefore not be confused:
$name = "Dominick's";
$Query = "INSERT INTO customers (name) values (\"$name\")";
Trying that yields the following error:
Warning: Ora_Parse failed (ORA-01741: illegal zero-length identifier -- while processing OCI function OPARSE)
Help
Jeff
If it is possible (and here it is) you should use str_replace instead of ereg_replace
Thanks for the reminder about str_replace().
$Query = "INSERT INTO customers (name) values ('".addSlashes($name)."')";
This gives an invalid Oracle SQL statement, which will generally fail with
ORA-01756: quoted string not properly terminated
For Oracle, single quotes must be doubled, not escaped with backslash.
Of the solutions to insert the data, I'd prefer using bind variables
since no escaping or quote doubling is needed.
-- CJ -
How to insert a string containing a single quote to the msql database? help
How can I insert a string which contains a single quote into the database... anyone help
Message was edited by:
sijo_james
Absolutely, Positively use a PreparedStatement. Do not use sqlEscape() function unless you have some overriding need (and I don't know what that could possibly be).
There are 1000's of posts on the positive aspects of using a PreparedStatement rather than using a Statement. The two primary positive attributes of using a PreparedStatement are automatic escaping of Strings and a stronger security model for your application. -
StringTokenizer class problem with strings in double quotes
Hello Technocrats,
I have a problem with tokenizing following string enclosed in (). (abc," India, Asia", computer engineer). My separator is ",", thus StringTokenizer class gives me 4 tokens namely abc, "India, Asia" and computer engineer. But I require that String in double quotes should be a single token. How to achieve this using StringTokenizer class? Or is there any other way?
Thanks in advance.
Try
String[] str = "abc,\" India, Asia\",computer engineer".split(",", 1);
for (String s : str) {
    System.out.println(s);
}
Thanks. -
Hi,
I'm running 32-bit version of SQL Developer v. 3.2.20.09 build 09.87, and I used the built in context menu (right-clicking from the schema browser) today to copy a table. However, none of the comments copied. When I dug into the PL/SQL that the menu-item is using, I realized that it fails because it doesn't handle single quotes within the comment string.
For example, I have a table named WE_ENROLL_SNAPSHOT that I wanted to copy as WE_ENROLL_SNAPSHOT_V1 (within same schema name)
1. I right-clicked on the object in the schema browser and selected Table > Copy...
2. In the pop-up Copy window, I entered the new table name "WE_ENROLL_SNAPSHOT_V1" and ticked the box for "Include Data" option. -- The PL/SQL that the menu-command is using is in the "SQL" tab of this window. This is what I extracted later for testing the issue after the comments did not copy.
Result: Table and data copied as-expected, but no column or table comments existed.
I examined the PL/SQL block that the pop-up window issued, and saw this:
declare
l_sql varchar2(32767);
c_tab_comment varchar2(32767);
procedure run(p_sql varchar2) as
begin
execute immediate p_sql;
end;
begin
run('create table "BI_ETL".WE_ENROLL_SNAPSHOT_V1 as select * from "BI_ETL"."WE_ENROLL_SNAPSHOT" where '||11||' = 11');
select comments into c_tab_comment from sys.all_TAB_comments where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT' and comments is not null;
run('comment on table BI_ETL.WE_ENROLL_SNAPSHOT_V1 is '||''''||c_tab_comment||'''');
for tc in (select column_name from sys.all_tab_cols where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT')
loop
for c in (select comments from sys.all_col_comments where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT' and column_name=tc.column_name)
loop
run ('comment on column BI_ETL.WE_ENROLL_SNAPSHOT_V1.'||tc.column_name||' is '||''''||c.comments||'''');
end loop;
end loop;
EXCEPTION
WHEN OTHERS THEN NULL;
end;
The string of the table comment on WE_ENROLL_SNAPSHOT is this:
WBIG table of frozen, point-in-time snapshots of Enrolled Students by Category/term/pidm. "Category" is historically, and commonly, our CENSUS snapshot; but, can also describe other frequencies, or categorizations, such as: End-of-Term (EOT), etc. Note: Prior to this table existing, Census-snapshots were stored in SATURN.SNAPREG_ALL. All FALL and SPRING term records prior-to-and-including Spring 2013 ('201230') have been migrated into this table -- EXCEPT a few select prior to Fall 2004 (200410) records where there are duplicates on term/pidm. NO Summer snapshots existed in SNAPREG_ALL, but were queried and stored retroactively (including terms prior to Spring 2013) for the purpose of future on-going year-over-year analysis and comparison.
Note the single quotes in the comment: ... ('201230')
So, in the above PL/SQL line 11 grabs this string into "c_tab_comment", but then line 12 fails because of the single quotes. It doesn't know how to end the string because the single quotes in the string are not "escaped", and this messes up the concatenation on line 12. (So, then no other column comments are created either because the block throws an error, and goes to line 22 for the exception and exits.)
When I modify the above PL/SQL as my own anonymous block like this, it is successful:
declare
c_tab_comment VARCHAR2(32767);
begin
SELECT REPLACE(comments,chr(39),chr(39)||chr(39)) INTO c_tab_comment FROM sys.all_TAB_comments WHERE owner = 'BI_ETL' AND table_name = 'WE_ENROLL_SNAPSHOT' AND comments IS NOT NULL;
EXECUTE IMMEDIATE 'comment on table BI_ETL.WE_ENROLL_SNAPSHOT_V1 is '''||c_tab_comment||'''';
for tc in (select column_name from sys.all_tab_cols where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT')
loop
for c in (select REPLACE(comments,chr(39),chr(39)||chr(39)) comments from sys.all_col_comments where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT' and column_name=tc.column_name)
loop
EXECUTE IMMEDIATE 'comment on column BI_ETL.WE_ENROLL_SNAPSHOT_V1.'||tc.column_name||' is '||''''||c.comments||'''';
end loop;
end loop;
EXCEPTION
WHEN OTHERS THEN NULL;
end;
On lines 4 and 8 I wrapped the "comments" from sys.all_tab_comments and sys.all_col_comments with a replace command finding every chr(39) and replacing with chr(39)||chr(39). (On line 8 I also had to alias the wrapped column as "comments" so line 10 would succeed.)
Is this an issue with SQL Developer? Is there any chance that the menu-items can handle single quotes in comment strings? ... And, of course this makes me wonder which other context menu commands in the tool might have a similar issue.
Thoughts?
thanks//jacob
PaigeT wrote:
I know about quick drop, but it isn't helpful here. I want to be able to right click on a string or array wire, navigate to the string or array palette, and select the corresponding "Empty?" comparator. In this case, since I do actually know where those functions live, and I'm already using my mouse to right click on the wire, typing ctrl-space to open quick drop and then typing in the function name is actually more work than navigating to it in the palette. It would just be nice to have it on hand in the location I naturally go to look for it the first time.
I don't agree with this work flow. Right hand on mouse, left hand on home keys. Pressing CTRL + Space is done with the left hands, and then you could assign "ea" to "Empty Array" both of which is accessible with the left hand. Darren posted a bunch of great shortcuts for the right handed developer.
https://decibel.ni.com/content/docs/DOC-20453
This is much faster than waiting for any right click menu navigation, even if it is found in the suggested subpalette.
Unofficial Forum Rules and Guidelines - Hooovahh - LabVIEW Overlord
If 10 out of 10 experts in any field say something is bad, you should probably take their opinion seriously. -
How to make search string for the searched text containing single quote?
Hi all,
When trying to search some Contacts from Eloqua, I have to make a search string which would list out some specified EmailAddress.
Unfortunately, I meet several emails who have single quote in their spelling.
I got 'invalid format' error when both using them directly and making single quote twice.
Any suggestions?
Thanks,
Biao
When testing, the following examples:
GET /Api/rest/1.0/data/contacts?search=emailAddress=bm'[email protected]
GET /Api/rest/1.0/data/contacts?search='emailAddress=bm'[email protected]'
GET /Api/rest/1.0/data/contacts?search=emailAddress="bm'[email protected]"
GET /Api/rest/1.0/data/contacts?search="emailAddress=bm'[email protected]"
All return:
"elements":
"type":"Contact",
"id":"1421620",
"createdAt":"1419611518",
"depth":"minimal",
"name":"bm'[email protected]",
"updatedAt":"1419611519",
"emailAddress":"bm'[email protected]"
"page":1,
"pageSize":1000,
"total":1
Likewise, the following returns nothing:
GET /Api/rest/1.0/data/contacts?search=emailAddress='bm'[email protected]'
Hopefully this helps,
Bojan -
Description:
We have created a custom workflow in Microsoft Visual Studio 2013 and SharePoint 2013. This Workflow is associated with a Document library.
This Workflow starts as soon as any new item is created OR updated in Document library and creates a Task in Workflow Tasks list.
Related Item link is not working in following scenario -
Upload a file that contains “ ' “ in its name, in a document library
Navigate to Workflow Tasks list
Open View Item form (DispForm.aspx ) of Task Created by workflow then click on link in Related Item fields
OUTPUT:
Related Item link truncates after “ ' “
Eg.
Original Link: http://<Site URL>/Documents/te'st.txt
Related Item Field: http://<Site URL>/Documents/te
Is this a known bug in SharePoint 2013, or is any hotfix available to fix it?
Hi,
As I tested per your description, I can reproduce the issue as well.
From what I have found out, it seems SharePoint resolves the single quote into different code in different places. During the test, if I set Task Name to Document Name, the single quote will be resolved to ' ; if I set some field to the Document encoded URL, the single quote will be resolved to %27 . For now, I haven't found any article talking about this issue.
As workaround, we may find out a way to change the Related Item field. However, it is OOB field in workflow task (SharePoint 2013) content type, and this content type cannot be modified in form.
I'd suggest you add new column to get document url and place in the form in Task content type settings.
Regards,
Rebecca Tu
TechNet Community Support -
How to update row when data contains single quote ?
Hi,
Please see this query:
update query_tab set title='It's common knowledg' where
id='1121';
I have this update query coming from .NET, but obviously this is an error since the single quote in the text (title column) given by the user gives the wrong meaning to the SQL parser. So, how to solve this problem?
Edited by: bootstrap on Dec 25, 2010 9:53 AM
Hi,
To include a single-quote in a string literal, use two of them in a row:
update query_tab
set title = 'It''s common knowledge'
where id = '1121';
The method above works in any version of Oracle.
Starting in Oracle 10, you can also use Q-notation, like this:
update query_tab
set title = Q'[It's common knowledge]'
where id = '1121';
For details, look up "Text Literals" in the SQL Language manual:
http://download.oracle.com/docs/cd/B28359_01/server.111/b28286/sql_elements003.htm#sthref337 -
How to replace single quote with double quote
hai all,
i have a problem,
i am trying insert a string containing single quote into ms-access database.
it is giving error.
how can i avoid this. if i replace a single quote in the text with double quote it will definitely
insert into database.
in java.lang.String
replace () will not work to replace quote with double quote.
any otherway to solve this problem.
please mail me to [email protected]
thank you
sambareddy
inida
> java.lang.String.replace () will not work to replace quote with double quote.
Really?
String x = ...
x.replace( "'", "\"" ); -
RWRUN60: Problem with parameter value containing space between single quote
Hi All
I'm using RWRUN60 to generate my report by following way:
C:\orant\BIN\RWRUN60.EXE userid=DBUser/dbpasswor@db BACKGROUND="NO" BATCH="YES" DESFORMAT="pdf" DESNAME="C:\report.pdf" DESTYPE="FILE" ORIENTATION="LANDSCAPE" PARAMFORM="NO" P_REPORTID="2431" P_REPORTNAME="Report Name" report="C:\report.rdf" P_WHERE="StartDate>=to_date('2011-07-14 10-37-00','YYYY-MM-DD HH24-MI-SS')"
When I tried to run the command given above, nothing was executed and no log was created.
I found out that problem occurs when text between two single quotes contains spaces. In my case it is a parameter P_WHERE. I need to keep such format because it is part of report query.
When I removed the last parameter from the command, RWRUN60 successfully generated the pdf document.
Further I added new test parameter P_TEST(it is ignored by rdf) in the end of command line following:
P_TEST="test '11'" - rwrun60 generates report
P_TEST="test '1 1'" - rwrun60 doesn't generate report
Can somebody help how to resolve the given problem? Is it a parsing bug or what else?
Spaces on command lines are very often a bad idea. Get rid of them by changing the command, e.g.:
to_date('2011-07-14:10-37-00','YYYY-MM-DD:HH24-MI-SS') -
Dynamic SQL and Data with Single Quotes in it.
Hi There,
I have a problem in that I am using dynamic SQL and it happens that one of the columns does contain single quotes (') in it as part of the data. This causes the resultant dynamic SQL to get confused as the single quote that is part of the data is taken to mean end of string, when in fact it's part of the data. This leaves out a dangling single quote that was meant to enclose the string. Here is my dynamic SQL and the result of the parsed SQL that I have captured:
****Dynamic SQL*****
l_sql:='select NOTE_TEMPLATE_ID '||
'FROM TMP_NOTE_TEMPLATE_VALUES '||
'where TRIM(LEGACY_NOTE_CODE)='''||trim(fp_note_code)||''' '||
'and TRIM(DISPLAY_VALUE)='''||trim(fp_note_text)||''' ';
execute immediate l_sql INTO l_note_template_id;
Because the column DISPLAY_VALUE contains data with single quotes, the resultant SQL is:
******PARSED SQL************
select NOTE_TEMPLATE_ID
FROM TMP_NOTE_TEMPLATE_VALUES
where TRIM(LEGACY_NOTE_CODE)='INQ' and TRIM(DISPLAY_VALUE)='Cont'd'
And the problem lies with the single quote between the characters t and d in the data field for DISPLAY_ITEM. How can I handle this?
Many thanks,
> I have been reliably informed that if one doesn't enclose char/varchar2 data items in quotes, the right indices may not be used
I have been into Oracle for the past 4 years and for the first time I am hearing this.
Your reliable source is just wrong. Bind variables are variables that store your value and which are used in SQL. They are the proper way to use values in your SQL. By default all variables in PL/SQL are bind variables.
When you can do some thing in just straight SQL just do it. Dynamic SQL does not make any sense to me here.
Thanks,
Karthick. -
SQL Injection, replace single quote with two single quotes?
Is replacing a single quote with two single quotes adequate for eliminating SQL injection attacks? This article ( http://www.devguru.com/features/kb/kb100206.asp ) offers that advice, and it enabled me to allow users to search name fields in the database that contain single quotes.
I was advised to use "Parameterized SQL" in an earlier post, but I can't understand the concept behind that method, and whether it applies to queries, writes, or both.
Then you can use both stored procedures and prepared statements. Both provide better protection than simply replacing apostrophes.
Prepared statements are simple:
Set myCommand = Server.CreateObject("ADODB.Command")
...snip...
myCommand.CommandText = "INSERT INTO Users([Name], [Email]) VALUES (?, ?)"
...snip...
myCommand.Parameters.Append myCommand.CreateParameter("@Name",200,1,50,Name)
myCommand.Parameters.Append myCommand.CreateParameter("@Email",200,1,50,Email)
myCommand.Execute ,,128 'the ,,128 sets execution flags that tell ADO not to look for rows to be returned. This saves the expense of creating a recordset object you don't need.
Stored procedures are executed in a similar manner. DW can help you with a stored procedure through the "Command (Stored Procedure)" server behavior.
You can see a full example of a prepared statement by looking at DW's recordset code after you've created a recordset using version 8.02.
"Mike Z" <[email protected]> wrote in message
news:eo5idq$3qr$[email protected]..
>I should have repeated this, I am using VBScript in ASP,
with an Access DB.
> -
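Added example (not from any of the posts): the three approaches these threads discuss, string concatenation, quote doubling and bind variables, run side by side. It assumes Python's sqlite3 with a constructed `customers` table as a stand-in for the Oracle and Access databases in the threads, and goes one step beyond them by including a numeric column, where quote doubling gives no protection.

```python
import sqlite3

def make_db():
    """In-memory SQLite stand-in for the databases in the threads.
    The customers table and its rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers (id, name) VALUES (?, ?)",
                   [(1, "Dominick's"), (2, "Cont'd"), (3, "Smith")])
    return db

def double_quotes(value):
    """Escape for a single-quoted SQL literal by doubling each quote."""
    return value.replace("'", "''")

def ids(db, sql, params=()):
    """Run a query and return the matching ids in ascending order."""
    return sorted(row[0] for row in db.execute(sql, params))

def by_name_concat(db, name):
    """Anti-pattern from the threads: the value is pasted into the SQL text."""
    return ids(db, "SELECT id FROM customers WHERE name = '" + name + "'")

def by_name_doubled(db, name):
    """Quote doubling: works only because the value sits inside '...'."""
    return ids(db, "SELECT id FROM customers WHERE name = '"
                   + double_quotes(name) + "'")

def by_name_bound(db, name):
    """Bind variable: the SQL text is constant, the value is sent separately."""
    return ids(db, "SELECT id FROM customers WHERE name = ?", (name,))

def by_id_doubled(db, raw_id):
    """Numeric context: there are no quotes around the value, so doubling
    leaves input such as '0 OR 1=1' unchanged and it is parsed as SQL."""
    return ids(db, "SELECT id FROM customers WHERE id = " + double_quotes(raw_id))

def by_id_bound(db, raw_id):
    """Same lookup with a bind variable: the whole input is compared as data."""
    return ids(db, "SELECT id FROM customers WHERE id = ?", (raw_id,))

def concat_error(db, name):
    """Return the parser error that concatenation produces, or None."""
    try:
        by_name_concat(db, name)
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"   # constructed input containing SQL syntax
    print("concat, Dominick's :", concat_error(db, "Dominick's"))
    print("doubled, Dominick's:", by_name_doubled(db, "Dominick's"))
    print("bound, Cont'd      :", by_name_bound(db, "Cont'd"))
    print("concat, tautology  :", by_name_concat(db, tautology))
    print("doubled, tautology :", by_name_doubled(db, tautology))
    print("bound, tautology   :", by_name_bound(db, tautology))
    print("id doubled         :", by_id_doubled(db, "0 OR 1=1"))
    print("id bound           :", by_id_bound(db, "0 OR 1=1"))
```

Doubling and binding agree for string columns, but only the bound version keeps the input as data in the numeric lookup, which is why the replies recommend parameters over apostrophe replacement.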
Finding location of single quote ( ' ) in a string
Hi,
I have a need to find the location of second single quote in a string.
Below query works fine for a string without single quote. It gives me the location of word 'HIER' for 2nd occurrence.
select instr('HIER A HIER B','HIER',2) from dual
I want to do the same with single quote. I am trying with the below query.
select instr('HIER A '' HIER B ''',chr(39),2) from dual
But it always gives me the location of first occurrence of single quote and not the second.
Any idea about this issue..?
Thanks
select regexp_replace('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ','.*''(.*)''.*','\1') from dual
select substr('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ',instr('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ','''')+1,instr('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ','''',1,2)-instr('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ','''')-1) from dual
Comment to the second approach: check SUBSTR() syntax, the second numeric parameter is length of the fragment, not the ending position. Still, RE approach is way shorter and more readable, isn't it? ;) -
Regex with strings that contain non-latin chars
I am having difficulty with a regex when testing for words that contain non-latin characters (specifically Japanese, I haven't tested other scripts).
My code:
keyword = StringUtil.trim(keyword);
//if(keywords.indexOf(keyword) == -1)
regex = new RegExp("\\b"+keyword+"\\s*;","i");
if(!regex.test(keywords))
{Alert.show('"'+keywords+'" does not contain "'+keyword+'"'); keywords += keyword + "; ";}
Where keyword is
日本国
and keywords is
Chion-in; 知恩院; Lily Pond; Bridge; 納骨堂; Nōkotsu-dō; Asia; Japan; 日本国; Nihon-koku; Kansai region; 関西地方; Kansai-chihō; Kyoto Prefecture; 京都府; Kyōto-fu; Kyoto; Higashiyama-ku; 東山区; Places;
When the function is run, it will alert that keywords does not contain keyword, even though it does:
"Chion-in; 知恩院; Lily Pond; Bridge; 納骨堂; Nōkotsu-dō; Asia; Japan; 日本国; Nihon-koku; Kansai region; 関西地方; Kansai-chihō; Kyoto Prefecture; 京都府; Kyōto-fu; Kyoto; Higashiyama-ku; 東山区; Places; " does not contain "日本国"
Previously I was using indexOf, which doesn't have this problem, but I can't use that since it doesn't match the whole word.
Is this a problem with my regex, is there a modifier I need to add to enable unicode support or something?
Thanks
Dave
ogre11 wrote:
> I need to use refind to deal with strings containing accented characters like
> ?itt? l?su, but it doesn't seem to find them. Also when using it with cyrillic
> characters, it won't find individual characters, but if I test for [\w] it'll
> work.
works fine for me using unicode data:
<cfprocessingdirective pageencoding="utf-8">
<cfscript>
t="Tá mé in ann gloine a ithe; Ní chuireann sé isteach nó amach orm";
s="á";
writeoutput("search:=#t#<br>for:=#s#<br>found at:=#reFind(s,t,1,false)#");
</cfscript>
what's the encoding for your data?