Putting an Apostrophe in an SQL Parameter

Anyone know how to escape an apostrophe for passing to an XSQL page?
I'm making an online directory. I get a list of names from the table, and then the user can click on a name to get more information. I'm having a real problem with names that contain aprostophies (ex: O'Donald)
If I simply call my XSQL page with the name as normal, it gives me an SQL error because there is a single apostrophe in my query. I've attempted to escape the apostrophe in my XSL file, but it gives me a Literal Mismatch error when I try to look for it using '
Here is the code I'm trying:
<xsl:template match="name">
<a><xsl:attribute name="href">search.xsql?name=<xsl:value-of select="substring-before(../name,''')" />''<xsl:value-of select="substring-after(../name,''')" /></xsl:attribute><xsl:value-of select="." /></a>
I've also tried making a variable that contains a '. Doing that, I don't get an error, but the substring-before return nothing... Thanks for any help you can offer!

1/ Would you try to put the aprostophies there without escaping ?
2/ Use XSLT extension

Similar Messages

Sql parameter substitution problems

Hi,
I am having problems with the sql parameter substitution. I have a query that
looks like this:
select name,value from table where name in ('name1','name2');
I have tried building a string that equals "'name1','name2'" and passing it as
a parameter to sql entering the javaDoc comments like:
select name,value from table where name in ({nameString})
The problem is that when it is substituted and set to the database it looks like
this:
select name,value from table where name in ('\'name1\',\'name2\'');
This will not work. Does anyone have any suggestions on how to do this using a
database control. Basically I'm looking for the ability to create dynamic sql
statements.
Thanks for your help.
Regards,
James

Anurag,
Thanks for the reply. I don't think that this solves my problem though. I will
never know how many strings to pass. It's all based on what the user wants, they
could ask for 2, 20, or any other number of names. It sounds like using a Database
control is not really possible for this situation. What do you think? Any chance
of this making into workshop in the future or in these situations is creating
an EJB the only way to go?
Thanks again.
Regards,
James Chamberlain
"Anurag Pareek" <[email protected]> wrote:
Hi James,
This result is same as what you will get on executing the following prepared
statement:
conn.prepareStatement("select empid from empdemo where name in (?)");
pstmt.setString(1,"'Person 1','Person 2','Person 3'");
pstmt3.execute();
Workshop's DBControl internally uses a PreparedStatement, hence you would
obtain the same result.
To get it working, you will need to pass in the 3 strings separately
as
below:
conn.prepareStatement("select empid from empdemo where name in
pstmt.setString(1,"Person 1");
pstmt.setString(1,"Person 2");
pstmt.setString(1,"Person 3");
Please do let me know if you have further queries regarding the issue.
Regards,
Anurag
Workshop Support
"James Chamberlain" <[email protected]> wrote in message
news:[email protected]...
Hi,
I am having problems with the sql parameter substitution. I have aquery
that
looks like this:
select name,value from table where name in ('name1','name2');
I have tried building a string that equals "'name1','name2'" and passingit as
a parameter to sql entering the javaDoc comments like:
select name,value from table where name in ({nameString})
The problem is that when it is substituted and set to the databaseit
looks like
this:
select name,value from table where name in ('\'name1\',\'name2\'');
This will not work. Does anyone have any suggestions on how to do thisusing a
database control. Basically I'm looking for the ability to create dynamicsql
statements.
Thanks for your help.
Regards,
James

Escaping "curly apostrophe" for a sql statement

Hi,
I'm trying to escape the curly apostrophe for a sql statement, i.e.,
Bob’s . I tried using the following
string str = inputStr.Replace("'","''");
Of course, this doesn't work.
Thanks!

Replace has 2 overloads. One uses 2 strings while the other uses 2 char parameters. Run this code on text pasted from each application.
static string ReplaceString()
string input =
"O'Hara";
foreach ( Char c
in input )
Console.WriteLine(c.ToString() +
" = " + Convert.ToInt32(c).ToString());
return input.Replace("'",
String.Empty);
Compare the values returned for the character. Then use the char value from Word and replace it with the char value from Notepad in the other overload that takes 2 char parameters.
Are you using a TextBox or a RichTextBox?
Mark the best replies as answers. "Fooling computers since 1971."
http://rudedog2.spaces.live.com/default.aspx

SQL Parameter Order

I'm not sure if this is a CR or BOE question but I'll post here first.
Is there any way to change the parameter order of a SQL Command Parameter?
I know it usually goes by the alphabetical order of the parameter name (i.e.: SQL Parameter name "StartDate" and "EndDate" would actually prompt EndDate first then StartDate).
I guess I can easily try to change the wording of the parameter names and that's what I did (I changed it to "1StartDate" and "2EndDate"). It prompts correctly in CR when I preview it... but when I bring it up to BOE and run the report there, it will prompt me the 2EndDate first instead of 1StartDate.
Any ideas?

James,
I have changed appropriately to match alphabetically (eg. Begin & End)... and like always, Crystal will display the prompt correctly and in correct when refreshing the report. But once I bring it up on BOE, it will prompt for End first then Begin.
Brian,
Thanks for your suggestion. However, I am aware of the parameter orders in the parameter viewer. While the parameter order list applies to parameter used on the actual report, it does not apply to the order SQL Command Parameters are for some reason. Regardless, it has always been set in the order I'd like it... just that when it comes to the SQL Parameter part, it never follows.
Could this be a BOE issue then?

SQL Parameter

How do u setup SQL parameter in .NET OLEDataAdapter. I tried to follow .NET sample to use ? but it doesn't work. Any idea? TIA

If you want to select all items you should use a query without a WHERE clause:
Select Id from table1
Please refer to the following page for more information about how to add a new query to your table adapter:
https://msdn.microsoft.com/en-us/library/kda44dwy.aspx.
You could call the new method with the new query "FillAll" or something.
You cannot select all values by passing some magic parameter value to the FillBy_Id query since it takes an id value to filter on.
Please remember to close your threads by marking helpful posts as answer and then start a new thread if you have a new question. Please don't post several questions in the same thread.

Pl/sql parameter portlet - need some help/advice - how to create

I want to create a pl/sql portlet that accepts a parameter and on submit passes the parameter to other portlets (sql reports) these are then automatically run to display the new data.
E.g.
parameter portlet = deptno
On submit
Sql reports then refreshed using the parameter
I am aware, and have tried the mycompnay demo, which works exactly as I want but the parameter portlet cannot be amended and is written in Java.
I need a pl/sql equivalent so I can tailor the code.
Any advice examples or guidance would be really appreciated.
Thanks in anticipation.
SD

Hi,
You can use a form portlet to accept parameters and then call a report in the success procedure of the form. In this example it calls a report with the value in the flightno field.
declare
flightno number;
blk varchar2(10) := 'DEFAULT';
begin
flightno := p_session.get_value_as_varchar2(
p_block_name => blk,
p_attribute_name => 'A_FLIGHT_NO');
call('SJDEMO30.report1.show?p_arg_names=flightno&p_arg_values='||
flightno);
end;
Thanks,
Sharmila

How to put Check Boxes in a SQL Report?

Hi All,
I have a SQL Report in my application. I want to put check box for each row of the report. How can I achieve that in APEX?
Here is my application page.
http://apex.oracle.com/pls/otn/f?p=20420:4:
Under the "Select" column heading I want to add the check box for each row of the report.
So that User select that row and when he clicks on Generate report It should generate its report.
The report should generate if user selects multiple rows also.
Workspace : alaka
username : [email protected]
Password : earth
Thanks
Alaka

Hi,
But I could not able to find whether the check box is checked or not.
In the apex page , button is provided and the checked rows "empno" should pass to next page hidden item when the button is clicked.
I tried apex_ITEM.CHECKBOX(1,empno,'CHECKED') by passing in the URL on click of the button. But it passes the test " apex_ITEM.CHECKBOX(1" to the item in the next page. And not checked values.
Here is my application page.
http://apex.oracle.com/pls/otn/f?p=20420:4:
Workspace : alaka
username : [email protected]
Password : earth
Application: TEST 20420
Page : 4
The button "Generate Report" is provided in the page. On click of this button the checked values should pass to the next page.
Please help me in this.
Thanks
Alaka

How to put data into a RFC import parameter structure from portal

Hi, All,
I have a RFC in which an import parameter is a structure (not a table). I want to put data into that structure. I know how to put data into a table or a string. I tried to use
IRecordSet MyTABStr = (IRecordSet)structureFactory.getStructure(function.getParameter("MYTABSTR").getStructure());
MyTABStr.setString("FIELD1", value1);
MyTABStr.setString("FIELD2", value2);
importParams.put("MYTABSTR",MyTABStr);
But it works for table not structure. Is there anybody know how to do that?
Thanks in advance!
Meiying

Hi,
You can try the following code -
IRecord structure = (IRecord)structureFactory.getStructure(function.getParameter("MYTABSTR").getStructure());
structure.setString("FIELD1", value1);
structure.setString("FIELD2", value2);
importParams.put("MYTABSTR",structure);
Regards,
Sudip

Matching apostrophe's using sql LIKE

heh anyone,
Does anyone know how to match a string that has more than one apostrophe in it under SQL using the LIKE statement..
eg. finding the data string "Surprise Me Bits 'N' Baskets '" in a database table?
...WHERE store LIKE 'Sur%' <- this doesn't work of course as it throws an SQL exception because of the '.
regards
JK

It's ok, solved it. The answer if you are using it in a JSP and feeding in the string to search on is:
String sur = from where ever...
WHERE store LIKE " + "\"" + Sur + "%\"";
cheers
JK

Apostrophe error for sql

hi all, i keep having this syntax error with sql statement with words like I'm, she's..etc. any words with apostrophe's is misunderstood by sql. have searched for various solutions and tried this but it still doesnt work:
String name=request.getParameter("name");
String newname=name.replaceAll(" ' "," ' ' ");
//(im replacing one apostrophe with 2 of them.)
String sqlInsert = "insert into prod values(" + " ' " + newname " ' )";
what is wrong with this? thanks

The correct answer here is the PreparedStatement (not that the other suggesstions won't work, but you should replace ' with '', that's single quote with double single quote, not single quote for double quote).
As mentioned earlier all this will be taken care of. if you use PreparedStatement You should get in the habit of using them anyway. It eliminates nearly all kinds of formatting problems, dates, variables with punctuation, etc. Save yourself from having many more problems, use PreparedStatement.

What is the equivalent Database Connectivity VI of the SQL Toolkit 'Set SQL Parameter to Null' VI ?

I am using the database connectivity (ADO based) tool and I want to be able to insert a null values.
I have included a simple VI that demonstrates how this works with SQL toolkit .
Null values are very useful and occur frequently in dealing with data. I wish that LabVIEW handled them much better - (e.g. there is not datatype in LabVIEW corresponding to a Null value).

The VI was not attached but I'm going to answer with what I have here.
- Currently, the Database Toolset converts NULLs to the default value for LabVIEW data types (ie, False for Boolean, empty strings, zero for numbers, empty arrays, etc). In the user manual there is an example that shows database records containing NULL values being first converted to a string, empty strings (the NULLs) are then converted to NaNs instead of the usual zero value. This method requires you to know what data types each field contains and that they know what to look for and how to convert the data.
You can go to this following link to suggest that a null datatype be implemented:
https://sine.ni.com/apps/we/nicc.call_me?p_country=&p_lang_id=US&p_form_id=58
-Also you cannot leave par
ameters values empty because there is a big difference between executing an SQL statement and doing a Parameterized Query, especially when looking at the low-level ADO layer.When doing Parameterized Queries, you MUST specify all parameter values - leaving them empty results in ADO trapping errors rather than using a default value.
Regards,
Cyril Bouton
Applications Engineer
National Instruments
Cyril Bouton
Active LabVIEW Developper

Query for required out put as mention below in SQL

HAI..
all
I HAVE A TABLES LIKE
SQL> SELECT *FROM A;
PCK PN
1 BIKES
2 COMPONENTS
SQL> SELECT *FROM B;
PSC PCK SBNAME
1 1 RASEBAIKE
2 1 SPEEDBIKE
3 2 MOTHERBORD
4 2 HARDIDSK
5 1 SPORTSBIKE
6 2 RAM
SQL> SELECT PN,SBNAME,COUNT(*) FROM A,B WHERE A.PCK=B.PCK GROUP BY ROLLUP(PN,SBNAME);
PN SBNAME COUNT(*)
BIKES RASEBAIKE 1
BIKES SPEEDBIKE 1
BIKES SPORTSBIKE 1
BIKES 3
COMPONENTS RAM 1
COMPONENTS HARDIDSK 1
COMPONENTS MOTHERBORD 1
COMPONENTS 3
6
I want output like this how to avoid duplicates in PN column in SQL
OUTPUT
1 BIKES
1 RASEBAIKE
2 SPEEDBIKE
5 SPORTSBIKE
2 COMPONENTS
3 MOTHERBORD
4 HARDIDSK
6 RAM

Kindly place \ before and after your data and code \try this
with a as
select 1 pck, 'BIKES' pn from dual union
select 2, 'COMPONENTS' from dual
, b as
select 1 psc, 1 pck, 'RASEBAIKE' sbname from dual union
select 2, 1, 'SPEEDBIKE' from dual union
select 3, 2, 'MOTHERBORD' from dual union
select 4, 2, 'HARDIDSK' from dual union
select 5, 1, 'SPORTSBIKE' from dual union
select 6, 2, 'RAM' from dual
select case
            when nvl(a.pn, 'ALL') = lead(a.pn) over (partition by a.pn order by a.pn) then
              null
            else
              nvl(a.pn, 'ALL')
       end pn
      ,b.sbname
      ,count(*)
from a, b
where a.pck = b.pck
group by rollup(a.pn, b.sbname)
PN         SBNAME       COUNT(*)
           RASEBAIKE           1
           SPEEDBIKE           1
           SPORTSBIKE          1
BIKES                          3
           HARDIDSK            1
           MOTHERBORD          1
           RAM                 1
COMPONENTS                     3
ALL                            6if you want the output as follows:
PN         SBNAME       COUNT(*)
BIKES      RASEBAIKE           1
           SPEEDBIKE           1
           SPORTSBIKE          1
                               3
COMPONENTS HARDIDSK            1
           MOTHERBORD          1
           RAM                 1
                               3
ALL                            6then simply modify LEAD to LAG

If checkbox is checked, put values in select-options and parameter...

Hello Experts,
Based on my selection-screen below, How do I fill p_eindt and p_monat with values if
the user clicked on the checkbox p_end? Below is my selection-screen:
SELECTION-SCREEN BEGIN OF BLOCK b2 WITH FRAME TITLE text-003.
SELECTION-SCREEN BEGIN OF BLOCK 1 WITH FRAME TITLE text-001.
PARAMETER: p_bukrs TYPE bukrs OBLIGATORY.
SELECT-OPTIONS: p_werks FOR wa_ekpo-werks OBLIGATORY NO INTERVALS,
 p_bsart FOR ekko-bsart OBLIGATORY NO INTERVALS,
 p_eindt FOR eket-eindt OBLIGATORY,
 p_ebeln FOR ekko-ebeln.
PARAMETER: p_monat TYPE monat OBLIGATORY,
 p_gjahr TYPE gjahr OBLIGATORY.
SELECTION-SCREEN END OF BLOCK 1.
SELECTION-SCREEN BEGIN OF BLOCK b1 WITH FRAME TITLE text-002.
PARAMETER: p_end AS CHECKBOX.
SELECTION-SCREEN END OF BLOCK b1.
SELECTION-SCREEN END OF BLOCK b2.
Hope you can help me guys.Thank you and take care!

Hi,
For F4 help for any input value in selection screen u can use:
Ex:
AT SELECTION-SCREEN ON VALUE-REQUEST FOR p_eidnt-LOW.
SELECT DISTINCT edint INTO TABLE IT_ab FROM <tablename>..
CALL FUNCTION 'F4IF_INT_TABLE_VALUE_REQUEST'
 EXPORTING
DDIC_STRUCTURE =
 RETFIELD = 'eindt'
 PVALKEY = ' '
 DYNPPROG = W_REPID
 DYNPNR = W_DYNNR
 DYNPROFIELD = 'p_eindt-LOW'
 STEPL = 0
 WINDOW_TITLE = 'Plant'
 VALUE = ' '
 VALUE_ORG = 'S'
 MULTIPLE_CHOICE = 'X'
 DISPLAY = ' '
 CALLBACK_PROGRAM = ' '
 CALLBACK_FORM = ' '
 MARK_TAB = 'X'
IMPORTING
 USER_RESET =
 TABLES
 VALUE_TAB = it_abc
 FIELD_TAB =
 RETURN_TAB = IT_RETURN
 DYNPFLD_MAPPING =
EXCEPTIONS
 PARAMETER_ERROR = 1
 NO_VALUES_FOUND = 2
 OTHERS = 3
IF SY-SUBRC <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
 WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Try this.
Regards,
Vani.

How to use sql parameter

Hell, After I write pdf form, when I clicked the <submit button> in pdf form, I want to save data to MS SQL SERVER. I use Adobe Livecycle desinger v.8.1 program. My question is, 1. How to query with <where> statment ex) SELECT * FROM pubs WHERE title_id = '<param>' 2. How to save to MS SQL SERVER ex) INSERT INTO pubs VALUES ('<param1>','<param2>',...) Thanks for any help that you can give!

A warning which I hope is appropriate... even if you have taken care
of this, it may help other people who read this. The code you have
written will leave your SQL server wide open to attacks of the kind
which have compromised many web sites recently, so your server can be
used for sending spam, collecting passwords, stealing credit card
details etc.
Be sure you know what "SQL injection" is. You MUST check in detail all
of the data that you insert into an SQL command, even simple SELECT
statements, or you can be attacked. See the Wikipedia entry on SQL
Injection to get started.
Aandi Inston

Putting resultset Data into sql server 2000

hello,
I have some trouble with putting my Date into the sql server. I'm very confused about this and gives me a lot of headage!
This is my code:
public void GenerateAlarms(StringBuffer alarmsLeft) throws Exception
try
statement = conn.createStatement();
rsGenerate = statement.executeQuery("SELECT event_it, oplcl_id, host_id, app_id, sev_id, alarm_id,desc_id, prodef_id, alert_id, date_time FROM ScenarioFive");
int saveCheck;
sqlInsert.setInt(1, 1);
sqlInsert.setDate(2, rsGenerate.getDate(10));
sqlInsert.setInt(3, 1);
sqlInsert.setInt(4, 1);
sqlInsert.setInt(5, 2);
sqlInsert.setInt(6, 0);
sqlInsert.setInt(7, 2);
sqlInsert.setInt(8, 1);
sqlInsert.setInt(9, 2);
sqlInsert.setInt(10, 4);
saveCheck = sqlInsert.executeUpdate();
if (saveCheck == 0)
conn.rollback();
System.out.println("Alarms not Updated in new Database");
else
conn.commit();
rs.deleteRow();
catch (Exception e)
System.err.println("Got an exception! ");
System.err.println(e.getMessage());
System.out.println("Foult at insert alarms");
The error is Got an exception!
[Microsoft][ODBC Driver Manager] Invalid cursor state
OF course i have a Connection function to the database, I will give this just in case (this one is oke I think)
public void connection()throws Exception
String driver = "sun.jdbc.odbc.JdbcOdbcDriver";
String url = "jdbc:odbc:MSSQL-Storm1";
String username = "sqldemo";
String password = "sqldemo";
Class.forName(driver);
//Establish the conCection to the database.
conn = DriverManager.getConnection(url, password, username);
System.out.println("We are got Connected to STORM: Sql Server Port:1433");
statement = conn.createStatement();
conn.setAutoCommit(false);
Thanks a lot!!

Not a concern for an Oracle forum.
Als no need for SHOUTING.
Conventional solutions are
- dump the data to a csv file and load it in Mickeysoft SQL server
- use Oracle Heterogeneous services
- use Mickeysoft DTS
Whatever you prefer.
Sybrand Bakker
Senior Oracle DBA

Putting an Apostrophe in an SQL Parameter

Similar Messages

Maybe you are looking for