Report handling names with a single quote

Report 10gR2
I have created a report and most of the functionality that I want is working as expected.
I have a report where I am letting the user enter their first name in one field and last name in another field on the parameter screen (that's how it's stored in the database).
If they enter any name with an apostrophe, say D'Costa (either first name or last name),
then I get the below error:
REP-50003: Bad parameter: pfaction=http://.........
I am using the LIKE keyword as seen below in the afterparam trigger and passing the parameter :p_where_last_name to the main SQL query:
     :p_where_last_name := ' AND UPPER( :last_name) LIKE (' ||''''||'%'||UPPER(:last_name)||'%'||''''||')' ;
What's the best approach to handle this issue?
Also, is there a way to capture this error
'REP-50003: Bad parameter: pfaction=http://.........'
and display a message? If so, where and how? Please advise.
Thanks.
Edited by: Forms_Reports_Beginner on Aug 13, 2009 1:52 PM

I am not using a form; it's just done in the report, that is, I am not calling the report from a form, just from a menu.
:last_name is a report_parameter that I created on the report.
You're right, the first assignment is
AND UPPER( db column) LIKE
I have a parameter form on the report with a field last name, and I am letting the user enter the last name there, which gets stored in :last_name.
Edited by: Forms_Reports_Beginner on Aug 14, 2009 7:29 AM
Edited by: Forms_Reports_Beginner on Aug 14, 2009 7:32 AM
Rodolfo,
your solution works,
:p_where_clause := ' AND UPPER( db_column ) LIKE (' ||''''||'%'||UPPER(Replace(:p_2,chr(39), chr(39)||chr(39)))||'%'||''''||')' ;
but I don't quite understand how this is working:
Replace(:p_2,chr(39), chr(39)||chr(39))
I have never used chr.
Edited by: Forms_Reports_Beginner on Aug 14, 2009 7:35 AM
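
What the Replace(:p_2, chr(39), chr(39)||chr(39)) call in the thread above does, shown next to the bind-variable form of the same search. This is an added example, not code from the original posts; the table rpt_people_demo, its rows and the l_ variable names are constructed for illustration.

```sql
-- Added example (SQL*Plus script; q'[...]' quoting needs Oracle 10g or later).
-- Table rpt_people_demo and its rows are constructed for illustration.
CREATE TABLE rpt_people_demo (last_name VARCHAR2(50));
INSERT INTO rpt_people_demo VALUES ('D''Costa');
INSERT INTO rpt_people_demo VALUES ('Dacosta');
INSERT INTO rpt_people_demo VALUES ('O''Neil');
COMMIT;

SET SERVEROUTPUT ON

DECLARE
  -- What the user typed on the parameter form: D'Costa
  l_input   VARCHAR2(50) := 'D' || CHR(39) || 'Costa';
  l_escaped VARCHAR2(100);
  l_sql     VARCHAR2(400);
  l_count   PLS_INTEGER;
BEGIN
  -- CHR(39) is the character with code 39, the apostrophe. REPLACE swaps
  -- every single apostrophe for two, which is how SQL writes one
  -- apostrophe inside a quoted string literal.
  l_escaped := REPLACE(l_input, CHR(39), CHR(39) || CHR(39));
  DBMS_OUTPUT.PUT_LINE('input   : ' || l_input);
  DBMS_OUTPUT.PUT_LINE('escaped : ' || l_escaped);

  -- 1) Raw concatenation: the apostrophe in the input closes the literal
  --    early, so the statement no longer parses. The error is caught here
  --    only so the script can continue and print it.
  l_sql := q'[SELECT COUNT(*) FROM rpt_people_demo WHERE UPPER(last_name) LIKE '%]'
           || UPPER(l_input) || q'[%']';
  BEGIN
    EXECUTE IMMEDIATE l_sql INTO l_count;
    DBMS_OUTPUT.PUT_LINE('raw     : ' || l_count || ' row(s)');
  EXCEPTION
    WHEN OTHERS THEN
      DBMS_OUTPUT.PUT_LINE('raw     : ' || SQLERRM);
  END;

  -- 2) Concatenation with doubled apostrophes (the fix from the thread):
  --    the literal now reads '%D''COSTA%' and parses as intended.
  l_sql := q'[SELECT COUNT(*) FROM rpt_people_demo WHERE UPPER(last_name) LIKE '%]'
           || UPPER(l_escaped) || q'[%']';
  EXECUTE IMMEDIATE l_sql INTO l_count;
  DBMS_OUTPUT.PUT_LINE('doubled : ' || l_count || ' row(s)');

  -- 3) Bind variable: the SQL text is fixed and the value is passed
  --    separately, so no quoting or escaping of the input is needed.
  l_sql := q'[SELECT COUNT(*) FROM rpt_people_demo WHERE UPPER(last_name) LIKE '%' || UPPER(:name) || '%']';
  EXECUTE IMMEDIATE l_sql INTO l_count USING l_input;
  DBMS_OUTPUT.PUT_LINE('bound   : ' || l_count || ' row(s)');
END;
/

DROP TABLE rpt_people_demo;
```

In a report, the third form corresponds to using the user parameter as a bind reference inside the query itself (LIKE '%' || UPPER(:last_name) || '%'), so the typed value never becomes part of the SQL text.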

Similar Messages

  • SQL Injection, replace single quote with two single quotes?

    Is replacing a single quote with two single quotes adequate for eliminating SQL injection attacks? This article ( http://www.devguru.com/features/kb/kb100206.asp ) offers that advice, and it enabled me to allow users to search name fields in the database that contain single quotes.
    I was advised to use "Parameterized SQL" in an earlier post, but I can't understand the concept behind that method, and whether it applies to queries, writes, or both.

    Then you can use both stored procedures and prepared statements. Both provide better protection than simply replacing apostrophes.
    Prepared statements are simple:
    Set myCommand = Server.CreateObject("ADODB.Command")
    ...snip...
    myCommand.CommandText = "INSERT INTO Users([Name], [Email]) VALUES (?, ?)"
    ...snip...
    myCommand.Parameters.Append myCommand.CreateParameter("@Name",200,1,50,Name)
    myCommand.Parameters.Append myCommand.CreateParameter("@Email",200,1,50,Email)
    myCommand.Execute ,,128 'the ,,128 sets execution flags that tell ADO not to look for rows to be returned. This saves the expense of creating a recordset object you don't need.
    Stored procedures are executed in a similar manner. DW can help you with a stored procedure through the "Command (Stored Procedure)" server behavior.
    You can see a full example of a prepared statement by looking at DW's recordset code after you've created a recordset using version 8.02.
    "Mike Z" <[email protected]> wrote in message news:eo5idq$3qr$[email protected]..
    >I should have repeated this, I am using VBScript in ASP, with an Access DB.
    >

  • How to pass presentation variable with enclosing single quotes

    HI All,
    As all of you know, in 11g a presentation variable can hold more than one value. So we can pass multiple values to the report through a presentation variable.
    If we select x,y,z values from prompt drop down,then those values will be stored like x,y,z in the presentation variable.
    but I would like to store these values with enclosing single quotes like 'x,y,z'
    The reason is I need to pass this variable value as input to BI Publisher sql dataset query where clause.
    Please share your Ideas.
    Thanks,
    Aravind

    Aravind,
    Check this
    Predefined Presentation Variables in OBIEE 11G | Praveen's Blog

  • How to replace double quotes with a single quote in a string ?

    Hi All:
    Can someone tell me how to replace a double quote (") in a string with a single quote (')? I tried to use the REPLACE function, but I couldn't get it to work.
    My example is SELECT REPLACE('STN. "A"', '"', ''') FROM Dual --This one throws an error
    Thanks,
    Dima.

    Whether it is maybe not the more comfortable way, I like the quoting capability from 10g :
    SQL> SELECT REPLACE('STN. "A"', '"', q'(')') FROM Dual;
    REPLACE(
    STN. 'A'
    Nicoals.

  • String with embedded single quote

    Hi, all. We're trying to pass a string from one procedure to another, which will then do an EXECUTE IMMEDIATE on it. However, there are single quotes within the string, and they're driving us nuts! This is what the concatenated string should look like when passed to the pw_execDDL procedure:
    insert into appimmunization.wsrprfs (inoc_id, proof, is_valid,proof_num) values ('MEAG', to_date('02-OCT-05','DD-MMM-YY'), 'Y',1);
    Here's the concatenation process that doesn't work, and there are functions being called within the string:
    chr_sql := 'insert into appimmunization.wsrprfs (inoc_id, proof, is_valid,proof_num) values (' || '''' || prm_inoc_id || '''' || ', ' || 'to_date(' || '''' || prm_proof1 || ''''||','||'''' ||'DD-MMM-YY'||''''||')' || ', ' || '''' || fw_is_proof_valid(prm_birth_date, prm_proof1) || '''' || ',1);';
    pw_execDDL(chr_sql); /* call the procedure to do the EXECUTE IMMEDIATE */
    Help! We've tried every combination -- using two single quotes together, three, and four, and still no luck. Thanks.

    insert into appimmunization.wsrprfs (inoc_id, proof,
    is_valid,proof_num) values ('MEAG',
    to_date('02-OCT-05','DD-MMM-YY'), 'Y',1);
    This statement can be made in a string with the following affectation:
    chr_sql := 'insert into appimmunization.wsrprfs (inoc_id, proof, is_valid,proof_num) values (''MEAG'', to_date(''02-OCT-05'',''DD-MMM-YY''), ''Y'',1)';
    Note please that each single quote in your original string must be specified using two single quotes and that is all. It is more readable and more easy to do it this way.
    Michel.

  • Query with Apostrophe (single quote)

    Hi all,
    I have noticed that when you enter a search string with an apostrophe (eg. Tito's Station) in a textbox on a form linked to a table and hit the Query button, it generates an sql error. I think this is cos u cannot have an apostrophe (single quote) in the search string in a "where" clause.
    I am using Portal version 3.0.6.6.5 on an 8.1.7 database.
    I have logged a tar (1744105.999) for this but it is said to be a bug (1759202). I wish to enquire whether any of you have had this problem with a later version or at which version level this bug has been fixed.
    Does any1 know how to limit the text typed into a textbox, so that it won't accept certain characters (eg. the apostrophe key) ??
    Thanks

    Hi Rene'
    Thanks for your help! This will definitely help me a lot! I am a little baffled with your code for delimiting the single quote. I tried it and it doesn't work.
    Thanks very much for the response
    Naseem
    quote: Originally posted by Rene' Castle ([email protected]):
    This is still an issue in 3.0.8.9.8. You can use a Javascript validation routine to disallow special characters.
    If you want to check to see that they only enter certain things you can do:
    // body of the field's validation function; theElement is the form field
    var s = theElement.value;
    var filter = /^[a-zA-Z]{1,}$/;    // one or more alphabetic characters only
    if (s.length == 0) return true;   // an empty field is accepted
    if (filter.test(s)) {
      return true;
    } else {
      alert(" Please input a valid character" );
      theElement.focus();
      theElement.select();
      return false;
    }
    The above code would only allow one or more alphabetic characters. You could make it [a-zA-Z0-9] to allow alphanumeric characters. You could also allow anything but specific characters by doing the following:
    var s = theElement.value;
    var filter = /'/;                 // matches when the value contains a single quote
    if (s.length == 0) return true;
    if (filter.test(s)) {
      alert(" Please input a string without a single quote (') in it" );
      theElement.focus();
      theElement.select();
      return false;
    } else {
      return true;
    }
    Hope this gets you started.
    Rene'

  • REGEXP_LIKE help with literal single-quote

    I'm trying to write a check constraint to validate email addresses that may include an apostrophe in the email address. Such as joe.o'[email protected] Here is my sample setup:
    create table emails
    ( email_address varchar2(150)
    );
    insert into emails values('[email protected]') ;
    insert into emails values('[email protected]') ;
    insert into emails values('joey.o''[email protected]') ;
    commit;
    sql> select * from emails;
    EMAIL_ADDRESS
    [email protected]
    [email protected]
    joey.o'[email protected]
    alter table emails add constraint email_address_format_ck
        CHECK ( REGEXP_LIKE ( email_address, '^[a-z0-9._%-]\'?+@[a-z0-9._%-]+\.mil$','c'));
    ERROR at line 2:
    ORA-00911: invalid character
    It doesn't like \'?
    My understanding is this means one or more single-quotes. Anyone know the correct syntax to accept apostrophes?

    Hi,
    jimmyb wrote:
    > ... insert into emails values('joey.o''[email protected]') ;
    That's the correct way (actually, that's one correct way) to include a single-quote in a string literal: use 2 single-quotes in a row.
    > ... alter table emails add constraint email_address_format_ck
    > CHECK ( REGEXP_LIKE ( email_address, '^[a-z0-9._%-]\'?+@[a-z0-9._%-]+\.mil$','c'));
    Here, the 2nd argument to REGEXP_LIKE is a string literal, just like 'joey.o''[email protected]' was a string literal.
    To include a single-quote in the middle of this string literal, do the same thing you did before: use 2 of them in a row:
    CHECK ( REGEXP_LIKE ( email_address, '^[a-z0-9._%''-]+@[a-z0-9._%-]+\.mil$','c'));
    There were a couple of other problems, too.
    I'm sure you meant for the apostrophe to be inside the square brackets. Inside square brackets, \ does not function as an escape character. (Actually, single-quote has no special meaning in regular expressions, so there's no need to escape it anyway.)
    I'm not sure what the '?' mark was doing; I left it out.
    Of course, you'll have trouble adding the CHECK constraint if any existing rows violate it.
    Edited by: Frank Kulash on Feb 10, 2012 6:52 PM

  • Issue searching a content with a single quote in title using matches

    Hi,
    I'm trying to search a content which has a single quote in its title by using the following code:
    ISCSSearchAPI searchAPI = app.getUCPMAPI ().getActiveAPI ().getSearchAPI ();
    ISCSSearchQuery query = (ISCSSearchQuery)app.getUCPMAPI ().createObject (ISCSSearchQuery.class);
    query.setQueryText(queryText);
    ISCSSearchResponse response = searchAPI.search(scsContext, query);
    when the query text is: dDocTitle <matches> `What's New`
    an exception occurs:
    Unable to retrieve search results. Error occurred while retrying the search query. Error occurred while processing. Unable to return results.
    Exception in thread "main" com.stellent.cis.client.command.CommandException: Unable to retrieve search results. Error occurred while retrying the search query. Error occurred while processing. Unable to return results.
         at com.stellent.cis.server.api.scs.impl.SCSCommand.executeRequest(SCSCommand.java:338)
         at com.stellent.cis.server.api.scs.impl.SCSCommand.execute(SCSCommand.java:222)
         at com.stellent.cis.client.command.impl.services.CommandExecutorService.executeCommand(CommandExecutorService.java:57)
         at com.stellent.cis.client.command.impl.CommandFacade.executeCommand(CommandFacade.java:158)
         at com.stellent.cis.client.command.impl.BaseCommandAPI.invokeCommand(BaseCommandAPI.java:84)
         at com.stellent.cis.client.api.scs.search.impl.SCSSearchAPI.search(SCSSearchAPI.java:52)
         at com.guycarp.cm.service.ContentQueryService.search(ContentQueryService.java:133)
         at com.guycarp.cm.service.ContentQueryService.main(ContentQueryService.java:168)
    Caused by: com.stellent.cis.server.api.scs.request.SCSRequestException: Unable to retrieve search results. Error occurred while retrying the search query. Error occurred while processing. Unable to return results.
         at com.stellent.cis.server.api.scs.request.impl.SCSRequestProcessor.checkBinderForErrors(SCSRequestProcessor.java:357)
         at com.stellent.cis.server.api.scs.request.impl.SCSRequestProcessor.validateResponse(SCSRequestProcessor.java:273)
         at com.stellent.cis.server.api.scs.request.impl.SCSRequestProcessor.processRequest(SCSRequestProcessor.java:118)
         at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:61)
         at com.stellent.cis.server.api.scs.request.stream.SCSOptimizedPublishFilter.handleRequest(SCSOptimizedPublishFilter.java:128)
         at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:58)
         at com.stellent.cis.server.api.scs.request.stream.SCSOptimizedRetrieveFilter.handleRequest(SCSOptimizedRetrieveFilter.java:250)
         at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:58)
         at com.stellent.cis.server.api.scs.request.rewrite.SCSRewriteURLFilter.handleRequest(SCSRewriteURLFilter.java:140)
         at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:58)
         at com.stellent.cis.server.api.scs.request.cache.impl.SCSServiceCacheFilter.handleRequest(SCSServiceCacheFilter.java:104)
         at com.stellent.cis.server.api.scs.request.impl.SCSRequestFilterChain.doRequestFilter(SCSRequestFilterChain.java:58)
         at com.stellent.cis.server.api.scs.request.impl.SCSRequestExecutorProxy.execute(SCSRequestExecutorProxy.java:105)
         at com.stellent.cis.server.api.scs.impl.SCSCommand.executeViaProxy(SCSCommand.java:353)
         at com.stellent.cis.server.api.scs.impl.SCSCommand.executeRequest(SCSCommand.java:335)
    but the query text dDocTitle <contains> `What's New`
    works fine.
    Is there any escape character that I should be using for the single quote when we use <matches> operator?
    Facing the same issue when searching from the content server console.
    Any idea!
    Thanks,
    Anil

    There seems to be none OOTB, but you can define it, see http://docs.oracle.com/cd/E25054_01/doc.1111/e10792/c05_search.htm#CHDIEECF

  • Update with a Single Quote value

    How do I update a field containing a single quote in a record?
    e.g.:
    I have a table s_order_item_xa
    field: attr_name
    old value: Noofndk
    new value: Noofn's
    how can i update above field value? i am using row_id in where condition to identify rows which i want to update.

    Hi,
    If the question is "How can I include a single-quote character in a string literal?", then the answer is to use 2 of them, like this:
    UPDATE  books
    SET     dewey_num = '291''.4'
    WHERE   dewey_num = '291.4'
    ;
    In Oracle 10 (and up) you can also use Q-notation. For example:
    UPDATE  books
    SET     dewey_num = Q'[291'.4]'
    WHERE   dewey_num = '291.4'
    ;
    Edited by: Frank Kulash on Sep 14, 2009 9:51 AM

  • Overwrite crystal report file name with new version but keep history

    I am writing a Crystal Reports .NET SDK in C# code to upload a crystal report files from its destination to CMC folder on BO XI R2 Platform.
    On "Upload Button" click_event, validate the two check boxes controls named "Keep History", and "Remove History". Once "Keep History" check box is selected, check If the SAME report file name exists in the same destination CMC folder, if Yes, overwrite it BUT Keep the History and all its associated objects like "recurring objects". If "Remove History" is selected, then remove the existing report and upload the new report file name.
    Please provide me some codes on how to do this task. This is definitely a "WIN" - "WIN" effort and contribution to my Team Goals.
    P.S. This is a similar scenario when you are uploading report on BO Enterprise R2 CMC.
    When Uploading a new report to a folder but same report file name exists, the BO System will prompt message "Report File Name" already exists. Do you want to Overwrite it?" If Yes, then system will overwrite the file but it will keep the history and recurring objects.
    Any help would be greatly appreciated.
    Thanks,
    Bien

    Suggest looking at [this|https://wiki.sdn.sap.com/wiki/display/BOBJ/NETBusinessObjectsEnterpriseSDKSamples] wiki for links to pertinent samples. Also, check out the [Developer Help File|http://devlibrary.businessobjects.com/BusinessObjectsXIR2SP2/en/en/WS_SDK/wssdk_server/default.htm]. Searching these forums for similar queries may also prove to be fruitful
    Ludek

  • XL Reporter - folder name with funny character

    Hi experts,
    I'm using SAP B12007A PL:30 and XL Reporter Version 8.0.13.
    When I try to start my xl reporter, all predefined folder names in Report Organizer change
    to funny character. For example, the predefined folder name of "Inventory" display as "B1_11_2304".
    Please advice. Thanks

    Hi,
    Kait Chong.
    once again you disconnect XL Report Add on in Add on Manager then you Connect XL Report. B1_11_2304".  this is Inventory ID. try to Uninstall XL Report and install XL Report Add on then it will show
    Dimensions are transaction data that has underlying tables (master data) in the SAP Business One database. For instance, if you have a transaction with the name of a sales person recorded, you can have an underlying Sales Employee table that holds more information about the sales person. Other examples of dimensions are: Financial Period, G/L Accounts, Business Partner, Warehouses, Items, Vendor and many more.

  • Handling requests with a single JSP

    Is it possible to route all requests in a given folder to one JSP? I'd like requests like:
    /calendar/Home.ics
    to go to
    /calendar/index.jsp
    I know I can do this with a Servlet, but I'm trying to run an application-wide bean when someone calls one of the /calendar/*ics files.
    Thanks!
    Ben

    Thanks, I was able to figure the answer myself..
    I am writing a simple page to handle the loading of calendars in lieu of having webdav. I have a servlet handling the data load (from calendar to MySQL database). Then I have a JSP area that uses an application bean to hold the information from the database (database sometimes takes 30 sec to respond). Within webdav, it would only work with the servlet area, and I needed to take the updated calendar info and force a refresh in the JSP area to know that there was a change.
    Sorry for the odd details. If you are interested in something like that, just post here, and I'll make the code available on SourceForge when I'm done.
    Ben

  • How do I replace one ' (Single Quote) with '' (Two single Quote)

    Hi,
    I have been surfing around the forum, couldn't find the similar case.
    I have been trying but fail. Below is my code:
    activity = request.getParameter("activity");
    activity = activity.replace("\'", "\'\'");
    Error Occur:
    Incompatible type for method. Can't convert java.lang.String to char. activity = activity.replace("\'", "\'");
    I'm trying to use replaceAll(), but seem like the method is not existed, we are using Version Java 1.3
    Pls advise.
    Regards
    Ying

    For JDK 1.3 or earlier, use this:
      // Replaces every occurrence of sub in str with rep (String.replaceAll is not available before JDK 1.4).
      public static String replaceSubstrings(String str, String sub, String rep){
        int s, p, q;
        int slen = sub.length();
        StringBuffer sb = new StringBuffer();
        s = 0;
        p = str.indexOf(sub);
        q = p + slen;
        while (p != -1){
          sb.append(str.substring(s, p));   // text before the match
          sb.append(rep);                   // the replacement
          s = q;
          p = str.indexOf(sub, s);
          if (p != -1){
            q = p + slen;
          }
        }
        sb.append(str.substring(s));        // remainder after the last match
        return sb.toString();
      }
    activity = replaceSubstrings(activity, "'", "''");

  • Replace single quote with two single quotes

    Hi all,
    I have a value = ABCD'S(>@!23. i want to replace the value as ABCD''S(>@!23.
    Thanks in advance

    What is your database version ? Q operator works from 10G onwards.
    SQL*Plus: Release 10.2.0.1.0 - Production on Tue Nov 23 14:35:38 2010
    Copyright (c) 1982, 2005, Oracle.  All rights reserved.
    SQL> conn hr
    Enter password:
    Connected.
    SQL>  CREATE TABLE test_Q_operator(str VARCHAR2(30));
    Table created.
    SQL> INSERT INTO test_Q_operator VALUES('ABCD''S(>@!23');
    1 row created.
    SQL> INSERT INTO test_Q_operator VALUES('Saubhik''s test row');
    1 row created.
    SQL> commit;
    Commit complete.
    SQL> SELECT str,REPLACE(str,Q'[']',Q'['']') col2
      2  FROM test_Q_operator;
    STR
    COL2
    ABCD'S(>@!23
    ABCD''S(>@!23
    Saubhik's test row
    Saubhik''s test row
    SQL>
    Also check your SQL*PLUS client version.

  • Single Quote in Parameter values...!

    Hi there,
    I am using oracle oracle disco. 10g
    In my report there are 2 parameters. First being the customer name and another being the transaction reference. Transaction reference parameter is based on the customer name(s) selected.
    The customer data contains a single quote [e.g. ABC's]. Thus, when the user selects the customer name [with a single quote] and tries to select the transaction reference - discoverer viewer returns an error message - 'Invalid Value'
    This does not happen in discoverer plus.
    Imp: We can not change the data - otherwise I would have remove the single quote from the customer name as part of my query.
    any ideas..!
    Any help would be really appreciated.
    Best Regards,
    Manish

    Hi Yogini,
    Thanks for your reply.
    When the customer name is selected, discoverer reports automatically enclose the customer names in single quotes. like 'ABC LTD', 'ABC's INC',
    I know how to change this single quote format. Also we don't want user to change the parameter selection criteria once selected.
    Also related to double quotes isn't it doubles are treated as column names in the SQL query and can not be used for any other purpose.
    Apologies, I haven't tried this but I think it will not work. Have you tried this with discoverer viewer.
    As mentioned, the interesting thing is when a customer name with single quote is selected in discoverer Plus it automatically formats the filter criteria to look like ['ABC LTD', 'ABC''s INC'] but this thing doesn't happen in viewer.
    I think this is a bug in discoverer viewer and think there must be some patch available to correct this problem.
    Sorry, don't have a solution yet but will certainly update the thread once I get the solution.
    Also please keep looking for a solution and let me know as well.
    Thanks a lot in advance.
    Best Regards,
    Manish
