Problem in insertion with string containing   ' (single quote)

Similar Messages

• Binds with string containing double quotes

  Hello there,
  I have the following SELECT statement which is run from a Delphi application :
  SELECT Customer, Last_Name
  FROM Customer
  WHERE UPPER(Last_Name) LIKE :last;
  :last has the string value of Smith"a".
  Is there a problem with binds and strings wich contain double quotes?.
  If so, how can I fix this problem?
  Thanks,
  Mia

  Hi
  There is no problem in this example. Content of bind variable is not part of syntc checking, so you can have any characters.
  Regards
  null

• Trouble with inserting a string containing a single quote

  Using php with Oracle
  If I do the following two lines before sending my $Query string through the parse function
  $name = "Dominick's";
  $Query = "INSERT INTO customers (name) values ('$name')";
  it gives me the following error:
  Warning: Ora_Parse failed (ORA-00917: missing comma -- while processing OCI function OPARSE)
  If I try and force the single quote to be surrounded by double quotes and therefore not be confused:
  $name = "Dominick's";
  Query = "INSERT INTO customers (name) values (\"$name\")";
  Trying that yields the following error:
  Warning: Ora_Parse failed (ORA-01741: illegal zero-length identifier -- while processing OCI function OPARSE)
  Help
  Jeff

  If it is possible (and here it is) you should use str_replace instead of ereg_replaceThanks for the reminder about str_replace().
  $Query = "INSERT INTO customers (name) values ('".addSlashes($name)."')";This gives an invalid Oracle SQL statement, which will generally fail with
    ORA-01756: quoted string not properly terminatedFor Oracle, single quotes must be doubled, not escaped with backslash.
  Of the solutions to insert the data, I'd prefer using bind variables
  since no escaping or quote doubling is needed.
  -- CJ

• How to insert a string containing a single quote to the msql database? help

  how can i insert a string which contains a single quote in to database... anyone help
  Message was edited by:
  sijo_james

  Absolutely, Positively use a PreparedStatement. Do not use sqlEscape() function unless you have some overriding need (and I don't know what that could possibly be).
  There are 1000's of posts on the positive aspects of using a PreparedStatement rather than using a Statement. The two primary positive attributes of using a PreparedStatement are automatic escaping of Strings and a stronger security model for your application.

• StringTokenizer class problem with strings in double quotes

  Hello Technocrats,
  I have a problem with tokenizing following string enclosed in (). (abc," India, Asia", computer engineer). My separator is ",", thus StringTokenizer class gives me 4 tokens namely abc, "India, Asia" and computer engineer. But I require that String in double quotes should be a single token. How to achieve this using StringTokenizer class? Or is there any other way?
  Thanks in advance.

  Try
  String[] str="abc,\" India, Asia\",computer engineer".split(",",1);
            for(String s: str)
                 System.out.println(s);
            }Thanks.

• Copying a table with the right-click menu in schema browser fails to copy comments when string has single quote(s) (ascii chr(39))

  Hi,
  I'm running 32-bit version of SQL Developer v. 3.2.20.09 build 09.87, and I used the built in context menu (right-clicking from the schema browser) today to copy a table.  However, none of the comments copied.  When I dug into the PL/SQL that the menu-item is using, I realized that it fails because it doesn't handle single quotes within the comment string.
  For example, I have a table named WE_ENROLL_SNAPSHOT that I wanted to copy as WE_ENROLL_SNAPSHOT_V1 (within same schema name)
  1. I right-clicked on the object in the schema browser and selected Table > Copy...
  2. In the pop-up Copy window, I entered the new table name "WE_ENROLL_SNAPSHOT_V1" and ticked the box for "Include Data" option.  -- The PL/SQL that the menu-command is using is in the "SQL" tab of this window.  This is what I extracted later for testing the issue after the comments did not copy.
  Result: Table and data copied as-expected, but no column or table comments existed.
  I examined the PL/SQL block that the pop-up window issued, and saw this:
  declare
    l_sql varchar2(32767);
    c_tab_comment varchar2(32767);
    procedure run(p_sql varchar2) as
    begin
       execute immediate p_sql;
    end;
  begin
  run('create table "BI_ETL".WE_ENROLL_SNAPSHOT_V1 as select * from "BI_ETL"."WE_ENROLL_SNAPSHOT" where '||11||' = 11');
  select comments into c_tab_comment from sys.all_TAB_comments where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT' and comments is not null;
  run('comment on table BI_ETL.WE_ENROLL_SNAPSHOT_V1 is '||''''||c_tab_comment||'''');
  for tc in (select column_name from sys.all_tab_cols where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT')
      loop
     for c in (select comments from sys.all_col_comments where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT' and column_name=tc.column_name)
     loop
     run ('comment on column BI_ETL.WE_ENROLL_SNAPSHOT_V1.'||tc.column_name||' is '||''''||c.comments||'''');
  end loop;
  end loop;
  EXCEPTION
    WHEN OTHERS THEN NULL;
  end;
  The string of the table comment on WE_ENROLL_SNAPSHOT is this:
  WBIG table of frozen, point-in-time snapshots of Enrolled Students by Category/term/pidm. "Category" is historically, and commonly, our CENSUS snapshot; but, can also describe other frequencies, or categorizations, such as: End-of-Term (EOT), etc. Note: Prior to this table existing, Census-snapshots were stored in SATURN.SNAPREG_ALL. All FALL and SPRING term records prior-to-and-including Spring 2013 ('201230') have been migrated into this table -- EXCEPT a few select prior to Fall 2004 (200410) records where there are duplicates on term/pidm. NO Summer snapshots existed in SNAPREG_ALL, but were queried and stored retroactively (including terms prior to Spring 2013) for the purpose of future on-going year-over-year analysis and comparison.
  Note the single quotes in the comment: ... ('201230')
  So, in the above PL/SQL line 11 grabs this string into "c_tab_comment", but then line 12 fails because of the single quotes.  It doesn't know how to end the string because the single quotes in the string are not "escaped", and this messes up the concatenation on line 12.  (So, then no other column comments are created either because the block throws an error, and goes to line 22 for the exception and exits.)
  When I modify the above PL/SQL as my own anonymous block like this, it is successful:
  declare
    c_tab_comment VARCHAR2(32767);
  begin
  SELECT REPLACE(comments,chr(39),chr(39)||chr(39)) INTO c_tab_comment FROM sys.all_TAB_comments WHERE owner = 'BI_ETL'   AND table_name = 'WE_ENROLL_SNAPSHOT'  AND comments IS NOT NULL;
  EXECUTE IMMEDIATE 'comment on table BI_ETL.WE_ENROLL_SNAPSHOT_V1 is '''||c_tab_comment||'''';
  for tc in (select column_name from sys.all_tab_cols where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT')
      loop
     for c in (select REPLACE(comments,chr(39),chr(39)||chr(39)) comments from sys.all_col_comments where owner = 'BI_ETL' and table_name = 'WE_ENROLL_SNAPSHOT' and column_name=tc.column_name)
     loop
     EXECUTE IMMEDIATE 'comment on column BI_ETL.WE_ENROLL_SNAPSHOT_V1.'||tc.column_name||' is '||''''||c.comments||'''';
  end loop;
  end loop;
  EXCEPTION
    WHEN OTHERS THEN NULL;
  end;
  On lines 4 and 8 I wrapped the "comments" from sys.all_tab_comments and sys.all_col_comments with a replace command finding every chr(39) and replacing with chr(39)||chr(39). (On line 8 I also had to alias the wrapped column as "comments" so line 10 would succeed.)
  Is this an issue with SQL Developer? Is there any chance that the menu-items can handle single quotes in comment strings? ... And, of course this makes me wonder which other context menu commands in the tool might have a similar issue.
  Thoughts?
  thanks//jacob

  PaigeT wrote:
  I know about quick drop, but it isn't helpful here. I want to be able to right click on a string or array wire, navigate to the string or array palette, and select the corresponding "Empty?" comparator. In this case, since I do actually know where those functions live, and I'm already using my mouse to right click on the wire, typing ctrl-space to open quick drop and then typing in the function name is actually more work than navigating to it in the palette. It would just be nice to have it on hand in the location I naturally go to look for it the first time. 
  I don't agree with this work flow.  Right hand on mouse, left hand on home keys.  Pressing CTRL + Space is done with the left hands, and then you could assign "ea" to "Empty Array" both of which is accessible with the left hand.  Darren posted a bunch of great shortcuts for the right handed developer.
  https://decibel.ni.com/content/docs/DOC-20453
  This is much faster than waiting for any right click menu navigation, even if it is found in the suggested subpalette.
  Unofficial Forum Rules and Guidelines - Hooovahh - LabVIEW Overlord
  If 10 out of 10 experts in any field say something is bad, you should probably take their opinion seriously.

• How to make search string for the searched text containing single quote?

  Hi all,
  When trying to search some Contacts from Eloqua, I have to make a search string which would list out some specified EmailAddress.
  Unfortunately, I meet several emails who have single quote in their spelling.
  I got 'invalid format' error when both using them directly and making single quote twice.
  Any suggestions?
  Thanks,
  Biao

  When testing, the following examples:
  GET /Api/rest/1.0/data/contacts?search=emailAddress=bm'[email protected]
  GET /Api/rest/1.0/data/contacts?search='emailAddress=bm'[email protected]'
  GET /Api/rest/1.0/data/contacts?search=emailAddress="bm'[email protected]"
  GET /Api/rest/1.0/data/contacts?search="emailAddress=bm'[email protected]"
  All return:
    "elements":
      "type":"Contact",
      "id":"1421620",
      "createdAt":"1419611518",
      "depth":"minimal",
      "name":"bm'[email protected]",
      "updatedAt":"1419611519",
      "emailAddress":"bm'[email protected]"
    "page":1,
    "pageSize":1000,
    "total":1
  Likewise, the following returns nothing:
  GET /Api/rest/1.0/data/contacts?search=emailAddress='bm'[email protected]'
  Hopefully this helps,
  Bojan

• Related Item link is broken in DispForm.aspx for a task in Workflow Tasks list if file name contains " ' " (single quote)

  Description:
  We have created a custom workflow in Microsoft Visual Studio 2013 and SharePoint 2013. This Workflow is associated with a Document library.
  This Workflow starts as soon as any new item is created OR updated in Document library and creates a Task in Workflow Tasks list.
   Related Item link is not working in following scenario -
  Upload a file that contains “ ' “
  in its name, in a document library
  Navigate to Workflow Tasks list
  Open View Item form (DispForm.aspx ) of  Task Created by workflow then click on link in Related Item fields
  OUPUT:
  Related Item link  truncates after “ ' “
  Eg.
  Original Link: http://<Site URL>/Documents/te'st.txt
  Related Item Field: http://<Site URL>/Documents/te
  Is this known bug in SharePoint 2013 OR any hotfix available to fix it.

  Hi,
  As I tested per your description, I can reproduce the issue as well.
  From what I have found out, it seems SharePoint resolve single quote into different code in different place. During the test, if I set Task Name to Document Name, single quote will be resolved to &#39; , if I set some field to Document encoded URL, single
  quote will be resolved to %27 . For now, I haven't found out any article talking about this issue.
  As workaround, we may find out a way to change the Related Item field. However, it is OOB field in workflow task (SharePoint 2013) content type, and this content type cannot be modified in form.
  I'd suggest you add new column to get document url and place in the form in Task content type settings.
  Regards,
  Rebecca Tu
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• How to update row when data contains single quote  ?

  Hi,
  Please see this query:
  update query_tab set  title='It's common knowledg' where
  id='1121';I have this update query coming from .NET, but abviously this is error since single quote in the text (title column) given by user gives wrong meaning to sql parser. So, how to solve this problem ?
  Edited by: bootstrap on Dec 25, 2010 9:53 AM

  Hi,
  To include a single-quote in a string literal, use two of them in a row:
  update      query_tab
  set       title     = 'It''s common knowledge'
  where      id     = '1121';The method above works in any version of Oracle.
  Starting in Oracle 10, you can also use Q-notation, like this:
  update      query_tab
  set       title     = Q'[It's common knowledge]'
  where      id     = '1121';For details, look up "Text Literals" in the SQL Language manual:
  http://download.oracle.com/docs/cd/B28359_01/server.111/b28286/sql_elements003.htm#sthref337

• How to replace single quote with double quote

  hai all,
  i have a problem,
  i am trying insert a string containing single quote into ms-access database.
  it is giving error.
  how can i avoid this .if i replace a single quote in the text with double quote it will defenitely
  insert into database.
  in java.lang.String
  replace () will not work to replace quote with double quote.
  any otherway to solve this problem.
  please mail me to [email protected]
  thank you
  sambareddy
  inida

  java.lang.String.replace () will not work to replace quote with double quote.Really?
  String x = ...
  x.replace( "'", "\"" );

• RWRUN60: Problem with parameter value containing space between single quote

  Hi All
  I'm using RWRUN60 to generate my report by following way:
  C:\orant\BIN\RWRUN60.EXE userid=DBUser/dbpasswor@db BACKGROUND="NO" BATCH="YES" DESFORMAT="pdf" DESNAME="C:\report.pdf" DESTYPE="FILE" ORIENTATION="LANDSCAPE" PARAMFORM="NO" P_REPORTID="2431" P_REPORTNAME="Report Name" report="C:\report.rdf" P_WHERE="StartDate>=to_date('2011-07-14 10-37-00','YYYY-MM-DD HH24-MI-SS')"
  When I tried to run given command above nothing was executed executed and any log didnt created.
  I found out that problem occurs when text between two single quotes contains spaces. In my case it is a parameter P_WHERE. I need to keep such format because it is part of report query.
  When I removed last parameter from command RWRUN60 successfully genereate pdf document.
  Further I added new test parameter P_TEST(it is ignored by rdf) in the end of command line following:
  P_TEST="test '11'" - rwrun60 generates report
  P_TEST="test '1 1'" - rwrun60 doesn't; generate report
  Can somebody help how to resolve given problem. Is it parsing bug or what else?

  Spaces on command lines a very often a bad idea. Get rid of them by changing the command, e.g.:
  to_date('2011-07-14:10-37-00','YYYY-MM-DD:HH24-MI-SS')

• Dynamic SQL and Data with Single Quotes in it.

  Hi There,
  I have a problem in that I am using dynamic SQL and it happens that one of the columns does contain single quotes (') in it as part of the data. This causes the resultant dynamic SQL to get confused as the single quote that is part of the data is taken to mean end of sting, when in fact its part of the data. This leaves out a dangling single quote that was meant to enclose the string. Here is my dynamic SQL and the result of the parsed SQL that I have captured:
  ****Dynamic SQL*****
  l_sql:='select NOTE_TEMPLATE_ID '||
  'FROM TMP_NOTE_TEMPLATE_VALUES '||
  'where TRIM(LEGACY_NOTE_CODE)='''||trim(fp_note_code)||''' '||
  'and TRIM(DISPLAY_VALUE)='''||trim(fp_note_text)||''' ';
  execute immediate l_sql INTO l_note_template_id;
  Because the column DISPLAY_VALUE contains data with single quotes, the resultant SQL is:
  ******PARSED SQL************
  select NOTE_TEMPLATE_ID
  FROM TMP_NOTE_TEMPLATE_VALUES
  where TRIM(LEGACY_NOTE_CODE)='INQ' and TRIM(DISPLAY_VALUE)='Cont'd'
  And the problem lies with the single quote between teh characters t and d in the data field for DISPLAY_ITEM. How can I handle this?
  Many thanks,

  I have been reliably informed that if one doesn't enclose char/varchar2 data items in quotes, the right indices may not be usedI am into oracle for past 4 years and for the first time i am hearing this.
  Your reliable source is just wrong. Bind variables are variables that store your value and which are used in SQL. They are the proper way to use values in your SQL. By default all variables in PL/SQL is bind variable.
  When you can do some thing in just straight SQL just do it. Dynamic SQL does not make any sense to me here.
  Thanks,
  Karthick.

• SQL Injection, replace single quote with two single quotes?

  Is replacing a single quote with two single quotes adequate
  for eliminating
  SQL injection attacks? This article (
  http://www.devguru.com/features/kb/kb100206.asp
  ) offers that advice, and it
  enabled me to allow users to search name fields in the
  database that contain
  single quotes.
  I was advised to use "Paramaterized SQL" in an earlier post,
  but I can't
  understand the concept behind that method, and whether it
  applies to
  queries, writes, or both.

  Then you can use both stored procedures and prepared
  statements.
  Both provide better protection than simply replacing
  apostrophes.
  Prepared statements are simple:
  Set myCommand = Server.CreateObject("ADODB.Command")
  ...snip...
  myCommand.CommandText = "INSERT INTO Users([Name], [Email])
  VALUES (?, ?)"
  ...snip...
  myCommand.Parameters.Append
  myCommand.CreateParameter("@Name",200,1,50,Name)
  myCommand.Parameters.Append
  myCommand.CreateParameter("@Email",200,1,50,Email)
  myCommand.Execute ,,128 'the ,,128 sets execution flags that
  tell ADO not to
  look for rows to be returned. This saves the expense of
  creating a
  recordset object you don't need.
  Stored procedures are executed in a similar manner. DW can
  help you with a
  stored procedure through the "Command (Stored Procedure)"
  server behavior.
  You can see a full example of a prepared statement by looking
  at DW's
  recordset code after you've created a recordset using version
  8.02.
  "Mike Z" <[email protected]> wrote in message
  news:eo5idq$3qr$[email protected]..
  >I should have repeated this, I am using VBScript in ASP,
  with an Access DB.
  >

• Finding location of single quote ( ' ) in a string

  Hi,
  I have a need to find the location of second single quote in a string.
  Below query works fine for a string without single quote. It gives me the location of word 'HIER' for 2nd occurrence.
  select instr('HIER A HIER B','HIER',2) from dual
  I want to do the same with single quote. I am trying with the below query.
  select instr('HIER A '' HIER B ''',chr(39),2) from dual
  But it always gives me the location of first occurrence of single quote and not the second.
  Any idea about this issue..?
  Thanks

  select regexp_replace('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ','.*''(.*)''.*','\1') from dual
  select substr('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ',instr('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ','''')+1,instr('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ','''',1,2)-instr('AND ( ACCT_V.HIER_NODE_NM = ''D0100'' AND TODAYS_DATE IS NULL ','''')-1) from dualComment to the second approach: check SUBSTR() syntax, the second numeric parameter is length of the fragment, not the ending position. Still, RE approach is way shorter and more readable, isn't it? ;)

• Regex with strings that contain non-latin chars

  I am having difficulty with a regex when testing for words that contain non-latin characters (specifcally Japanese, I haven't tested other scripts).
  My code:
  keyword = StringUtil.trim(keyword);
  //if(keywords.indexOf(keyword) == -1)
  regex = new RegExp("\\b"+keyword+"\\s*;","i");
  if(!regex.test(keywords))
  {Alert.show('"'+keywords+'" does not contain "'+keyword+'"'); keywords += keyword + "; ";}
  Where keyword is
  日本国
  and keywords is
  Chion-in; 知恩院; Lily Pond; Bridge; 納骨堂; Nōkotsu-dō; Asia; Japan; 日本国; Nihon-koku; Kansai region; 関西地方; Kansai-chihō; Kyoto Prefecture; 京都府; Kyōto-fu; Kyoto; Higashiyama-ku; 東山区; Places;
  When the function is run, it will alert that keywords does not contain keyword, even though it does:
  "Chion-in; 知恩院; Lily Pond; Bridge; 納骨堂; Nōkotsu-dō; Asia; Japan; 日本国; Nihon-koku; Kansai region; 関西地方; Kansai-chihō; Kyoto Prefecture; 京都府; Kyōto-fu; Kyoto; Higashiyama-ku; 東山区; Places; " does not contain "日本国"
  Previously I was using indexOf, which doesn't have this problem, but I can't use that since it doesn't match the whole word.
  Is this a problem with my regex, is there a modifier I need to add to enable unicode support or something?
  Thanks
  Dave

  ogre11 wrote:
  > I need to use refind to deal with strings containing
  accented characters like
  > ?itt? l?su, but it doesn't seem to find them. Also when
  using it with cyrillic
  > characters , it won't find individual characters, but if
  I test for [\w] it'll
  > work.
  works fine for me using unicode data:
  <cfprocessingdirective pageencoding="utf-8">
  <cfscript>
  t="Tá mé in ann gloine a ithe;
  Nà chuireann sé isteach nó amach
  orm";
  s="á";
  writeoutput("search:=#t#<br>for:=#s#<br>found
  at:=#reFind(s,t,1,false)#");
  </cfscript>
  what's the encoding for your data?