Single quote in dynamic query

Similar Messages

• Single quote in dynamic where condition

  BAPI_STUDENT_IDENTIFIC_ADD has a field called IDENTIFICATIONNUMBER.  This field is later used in a dynamic where condition and causes a short dump when it contains a single quote.  I will change the program that calls the BAPI to check for single quotes, but is there anything else I need to check for to ensure a correct where condition?
  Thanks,
  Dan

  Hi Dan,
  The best way to ensure correctness of syntax of a dynamic where condition is:
  Run the program in debugging mode, Get the Query that is generated dynamically and write it to some other ABAP program and perform syntax check.
  This will help you to remove all the syntax errors.
  Regards,
  Darshil

• Single quote in the query

  Hi,
  I am inserting a string literal that contains one or more single quotes. I know i have to use two single quote ('') to represent one single quote in my insert query and four single quotes('''') to show two single quotes. However, when i do a select from the table, all single quotes are escaped with a backslash in front of it (\'). This cause some problem when i display the string in html page. How can i skip the back slash and keep only the single quote in my select query? Thanks
  Kim Titu

  Kim,
  To insert single quote or double quote string try using the ascii values as below -
  CHR(34) ==> " (double quote)
  CHR(39) ==> ' (single quote)
  Example:
  Insert into emp(EMPNAME) values(CHR(39)||'TEST'||CHR(39));
  Now,
  Select EMPNAME from emp;
  will give you the result - 'TEST'
  Regards,
  Murali Mohan

• Single quote in SPARQL query

  Hi,
  I have a SPARQL query with a clause like (?affy gb:bioprocess "3\'-phosphoadenosine" .). Oracle Jena adapter translates it into
  sdo_rdf_match('(?affy <gb#bioprocess> "3\'||chr(39)||'-phosphoadenosine")..., which throws the following error when executing the query:
  java.sql.SQLException: ORA-29532: Java call terminated by uncaught Java exception: oracle.spatial.rdf.server.TokenMgrError: Lexical error at line 1, column 50. Encountered: "\'" (39), after : "\"3\\"
  ORA-06512: at "MDSYS.RDF_MATCH_IMPL_T", line 169
  ORA-06512: at "MDSYS.RDF_MATCH_IMPL_T", line 35
  ORA-06512: at line 4
  What does Oracle Jena adapter expect if the SPARQL query has single quote in the literal value? Thanks,
  Weihua

  Hi,
  What is your database version?
  Could you list exactly the literal value you want to query? Please ignore any escapes. Is it as follows?
  3'-phosphoadenosine
  Thanks,
  Zhe

• Single quotes problem with execute immediate

  Thanks for considering to solve the issue.
  [i]Situation:
  I am trying to create a procedure to perform a set of operations. As part of that, I am trying to create a table using execute immediate statement. This create table statement has a select sub query where p_LOB3 is the variable for the procedure of datatype varchar2.
  Problem :
  I need to pass the variable p_LOB3 as single quoted as it is of type Varchar2. Also I need to enclose the entire create table query within single quotes. How do I specify this as it is throwing an error when the PL/SQL engine is parsing the single quotes in the query used twice for different purposes as mention earlier.
  Query:
  execute immediate'create table test5 as select min(contract_number)as contract_number,contact_id,max(line_of_business) as line_of_business from mytable group by contact_id having min(contract_number) = max(contract_number) and max(Line_of_business) = 'p_LOB3' ';

  Thank you Todd,
  Is just worked fine.
  New issue is: I am not able to put 2 such statements in a single procedure and execute. Before I give parameters to the procedure, PL/SQL engine is actually creating a view of the mytable and naming is as test5, as a result I am not able to create a table as there is a view with the same name.
  Right now, the workaround I am using is to create three different procedures to create three such tables. I know this is not a good idea....can you please tell me if there is a better way.
  Procedure
  CREATE OR REPLACE PROCEDURE SP_CREATE_0_0(p_LOB1 IN varchar2, p_LOB2 IN varchar2)
  IS
  BEGIN
  execute immediate 'create table test5 as select min(contract_number) as
  contract_number,contact_id,max(line_of_business) as line_of_business from
  mytable group by contact_id having min(contract_number) = max(contract_number)
  and max(Line_of_business) = ' ' ' || p_LOB1 || ' ' ' ';
  execute immediate 'create table test5 as select min(contract_number) as
  contract_number,contact_id,max(line_of_business) as line_of_business from
  mytable group by contact_id having min(contract_number) = max(contract_number)
  and max(Line_of_business) = ' ' ' || p_LOB1 || ' ' ' ';
  END SP_CREATE_0_0;
  /

• How to construct a sql query when field having single quote

  Hi all,
  I have been working on web application , here is my requirement:
  I'm constructing sql statement dynamically from dynamic user input (form data). In one of the field having single quote.
  while executing the query it is getting problem because of single quote .. so how do i resolve my problem.
  single quote should be there. (I'm using Ms-Access as my database).
  Thanks in advance
  abel

  Use PreparedStatement. Always. It not only eases setting Java objects in a SQL query, but also protects you against SQL injections.
  Prepare yourself: [http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html].

• Dynamic SQL and Data with Single Quotes in it.

  Hi There,
  I have a problem in that I am using dynamic SQL and it happens that one of the columns does contain single quotes (') in it as part of the data. This causes the resultant dynamic SQL to get confused as the single quote that is part of the data is taken to mean end of sting, when in fact its part of the data. This leaves out a dangling single quote that was meant to enclose the string. Here is my dynamic SQL and the result of the parsed SQL that I have captured:
  ****Dynamic SQL*****
  l_sql:='select NOTE_TEMPLATE_ID '||
  'FROM TMP_NOTE_TEMPLATE_VALUES '||
  'where TRIM(LEGACY_NOTE_CODE)='''||trim(fp_note_code)||''' '||
  'and TRIM(DISPLAY_VALUE)='''||trim(fp_note_text)||''' ';
  execute immediate l_sql INTO l_note_template_id;
  Because the column DISPLAY_VALUE contains data with single quotes, the resultant SQL is:
  ******PARSED SQL************
  select NOTE_TEMPLATE_ID
  FROM TMP_NOTE_TEMPLATE_VALUES
  where TRIM(LEGACY_NOTE_CODE)='INQ' and TRIM(DISPLAY_VALUE)='Cont'd'
  And the problem lies with the single quote between teh characters t and d in the data field for DISPLAY_ITEM. How can I handle this?
  Many thanks,

  I have been reliably informed that if one doesn't enclose char/varchar2 data items in quotes, the right indices may not be usedI am into oracle for past 4 years and for the first time i am hearing this.
  Your reliable source is just wrong. Bind variables are variables that store your value and which are used in SQL. They are the proper way to use values in your SQL. By default all variables in PL/SQL is bind variable.
  When you can do some thing in just straight SQL just do it. Dynamic SQL does not make any sense to me here.
  Thanks,
  Karthick.

• Query with Apostrophe (single quote)

  Hi all,
  I have noticed that when you enter a search string with an apostrophe (eg. Tito's Station) in a textbox on a form linked to a table and hit the Query button, it generates an sql error. I think this is cos u cannot have an apostrophe (single quote) in the search string in a "where" clause.
  I am using Portal version 3.0.6.6.5 on an 8.1.7 database.
  I have logged a tar (1744105.999) for this but it is said to be a bug (1759202). I wish to enquire whether any of you have had this problem with a later version or at which version leve this bug has been fixed.
  Does any1 know how to limit the text typed into a texbox, so that it wont accept certain characters (eg. the apostrophe key) ??
  Thanks

  Hi Rene'
  Thanks for your help! This will definitely help me alot! I am a little baffled with your code for delimiting the single quote. I tried it and it doesnt work.
  Thanks very much for the response
  Naseem
  <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by Rene' Castle ([email protected]):
  This is still an issue in 3.0.8.9.8. You can use a Javascript validation routine to disallow special characters.
  If you want to check to see that they only enter certain things you can do:
  var s = theElement.value;
  var filter=/^[a-zA-Z]{1,}$/;
  if (s.length == 0 ) return true;
  if (filter.test(s))
  return true;
  else
  alert(" Please input a valid character" );
  theElement.focus();
  theElement.select();
  return false;
  The above code would only allow one or more alphabetic characters. You could make it [a-zA-Z0-9] to allow alphanumeric characters. You could also allow anything but specific characters by doing the following:
  var s = theElement.value;
  var filter=/[^']*/;
  if (s.length == 0 ) return true;
  if (filter.test(s))
  alert(" Please input a string without a single quote (') in it" );
  theElement.focus();
  theElement.select();
  return false;
  else
  return true;
  Hope this gets you started.
  Rene'<HR></BLOCKQUOTE>
  null

• Can a single quote be used at the beginning of a query string parameter

  Hi all,
  I am a relative newbie and have a newbie question.
  Can a single quote be used at the beginning of a query string parameter passed to a jsp page? Are there any inherant problems with this? Is there a comprehensive list of characters that must be escaped in a query string parameter?
  Example: http://mysite.com/myjsp.jsp?param1='nghdh
  Thanks

  You'll have to escape most non-letter characters before you can pass them as a URL. I don't know if it's necessary for a single quote, but better safe than sorry.
  Either use java.net.URLEncoder(...) or use javax.servlet.http.HttpServletResponse.encodeURL(String). I wouldn't recommend using unescaped characters in your URLs, that might cause pretty funny behavior that's sometimes hard to trace back. Don't worry about decoding it, your JSP/Servlet container will do it when you call javax.servlet.http.HttpServletRequest.getParameter(String).

• How to escape a single quotes from a string of dynamic sql clause?

  if a single quotes exist in a dynamic sql clause for a string,
  like
  v_string :='select tname from tab where tabtype='table'',
  there tabtype='table' will conflict with the single quote ahead.
  could somebody tell me how to escape this single quotes?
  thanks for your tips,
  frederick

  fredrick,
  To represent one single quotation mark within a literal, enter two single quotation marks. For example :
  v_string :='select tname from tab where tabtype=''table'''
  Regards,
  Srinivas

• How to handle XML string with Single Quotes as a parameter to SP dynamically?

  Hi,
  I would like to know if there is a way to handle the Single Quotes in XML value when it is passed to Stored Procedure?
  I should be able to handle it without adding another Single Quote to it.
  Thanks,
  Chandra Shekar

  Hi Chandra,
  Your requirement is not precise. Based on my understanding and guessing, are you metioning something like the below sample?
  /*If the xml is generated you have no need to escape the singe quote(')*/
  DECLARE @xmlTbl TABLE (ID INT,name VARCHAR(99));
  INSERT INTO @xmlTbl VALUES(1,'Eric''s')
  INSERT INTO @xmlTbl VALUES(2,'Zhang''s')
  DECLARE @xmlDoc1 XML
  SELECT @xmlDoc1
  FROM @xmlTbl FOR XML PATH('PERSON'),ROOT('PERSONS')
  EXEC yourProcedure @xmlDoc1
  /*If your copy and paste the xml, you have to escape the single quote(') with 2s('')*/
  DECLARE @xmlDoc2 XML
  SET @xmlDoc2 = '<PERSONS>
  <PERSON>
  <ID>1</ID>
  <name>Eric''s</name>
  </PERSON>
  <PERSON>
  <ID>2</ID>
  <name>Zhang''s</name>
  </PERSON>
  </PERSONS>'
  EXEC yourProcedure @xmlDoc2
  If that is not regarding your requirement, please elaborate with more details.
  Eric Zhang
  TechNet Community Support

• How to use a single quote string in where condition

  Hi,
  I have one problem in building a query.
  SELECT agx_drug_indication.record_id, agx_drug_indication.fk_ad_rec_id,
  agx_drug_indication.drugindicationmeddraver, agx_drug.record_id,
  agx_drug.fk_apat_rec_id,
  REPLACE (agx_drug.medicinalproduct, '''', '''') AS "MEDICINALPRODUCT",
  pack_imp_objects.fn_get_arisg_code
  (147,
  agx_drug_indication.drugindicationmeddraver
  ) AS "DRUGINDICATIONMEDDRAVER",
  agx_drug.drugindication,
  NVL (agx_drug.drugcharacterization, 1) AS "DRUGCHARACTERIZATION",
  agx_safety_report.record_id, agx_safety_report.case_identifier_no,
  agx_safety_report.fk_apat_rec_id,
  pack_imp_objects.fn_meddra_llt_matching
  (agx_drug_indication.drugindication,
  agx_drug_indication.drugindication,
  agx_drug_indication.drugindicationmeddraver,
  1
  ) AS "LLT_CODE",
  pack_imp_objects.fn_meddra_soccode_matching
  (agx_drug_indication.drugindication,
  agx_drug_indication.drugindicationmeddraver
  ) AS "PRIMARY_SOC_CODE",
  pack_imp_objects.fn_meddra_soccode_matching
  (agx_drug_indication.drugindication,
  agx_drug_indication.drugindicationmeddraver
  ) AS "CASE_SOC_CODE",
  pack_imp_objects.fn_meddra_pt_matching
  (agx_drug_indication.drugindication,
  agx_drug_indication.drugindication,
  agx_drug_indication.drugindicationmeddraver
  ) AS "PT_CODE",
  pack_imp_objects.fn_get_aer_id (11) AS "AER_ID"
  FROM agx_drug_indication,
  agx_drug,
  agx_safety_report
  WHERE agx_drug_indication.fk_ad_rec_id = agx_drug.record_id
  AND agx_drug.fk_apat_rec_id = agx_safety_report.fk_apat_rec_id
  AND agx_safety_report.case_identifier_no IS NOT NULL
  AND agx_drug_indication.drugindication IS NOT NULL
  AND agx_drug.medicinalproduct =
  REPLACE ('*-qVAGX_DRUG.MEDICINALPRODUCT*', '''', '''')
  In the above query last line '-qVAGX_DRUG.MEDICINALPRODUCT' is a dynamic variable which may or may not contain the single quotes.
  Ex: ABC's or just ABC.
  The query has to support both single quote and without quote in it.
  I wanted everything to be done in the sinlq query on not a PL/SQL Block.
  Please help me ASAP

  kumar0828 wrote:
  <font color="#FF0000"> ... </font>
  REPLACE (agx_drug.medicinalproduct, '''', '''') AS "MEDICINALPRODUCT",
  <font color="#FF0000"> ... </font> <pre>
  REPLACE (agx_drug.medicinalproduct, '<font style="background-color: #E7FA6B">''</font>', '<font style="background-color: #E7FA6B">''</font>')
  </pre>
  With the above statement you are replacing single quote with another single quote
  (which is nonsense).
  <font color="#FF0000"> ... </font>
  AND agx_drug.medicinalproduct = REPLACE ('*-qVAGX_DRUG.MEDICINALPRODUCT*', '''', '''')
  In the above query last line '-qVAGX_DRUG.MEDICINALPRODUCT' is a dynamic variable which may or may not contain the single quotes.This is not a dynamic variable but a string value:
  <pre>
  AND agx_drug.medicinalproduct =
  REPLACE (<font style="background-color: #FF3D55">'*</font>-qVAGX_DRUG.MEDICINALPRODUCT<font style="background-color: #FF3D55">*'</font>, '<font style="background-color: #E7FA6B">''</font>', '<font style="background-color: #E7FA6B">''</font>')
  </pre>
  *-qVAGX_DRUG.MEDICINALPRODUCT* <pre>
  AND agx_drug.medicinalproduct =
  REPLACE (<font style="background-color: #FF3D55">q'*</font>-qVAGX_DRUG.MEDICINALPRODUCT<font style="background-color: #FF3D55">*'</font>, '<font style="background-color: #E7FA6B">''</font>', '<font style="background-color: #E7FA6B">''</font>')
  </pre>
  -qVAGX_DRUG.MEDICINALPRODUCT q'[a]' => a
  q'[a']' => a'
  q'[a'']' => a''
  q'*a*' => a
  q'*a'*' => a'
  q'*a''*' => a''
  A variable also cannot contain a dot (.):
  <pre>VAGX_DRUG<font style="background-color: #FF3D55">.</font>MEDICINALPRODUCT</pre>
  Ex: ABC's or just ABC.
  The query has to support both single quote and without quote in it.
  I wanted everything to be done in the sinlq query on not a PL/SQL Block.
  Please help me ASAPTry this:
  <pre>
  AND agx_drug.medicinalproduct = MY_VARIABLE
  </pre>

• Dynamic query with Data Access Layer

  I have a program that has a multiselect box (JSP form) to select certifications and then search to see which employee may have them.
  I have no issues when searching by only one, but if I select multiple certifications from the multiselect box, it doesn't work. I've tried and tried and I can't seem to figure this out.
  Below is the code for returning employees that match what certifications were chosen. Again, it works fine if only 1 was selected. I wish for it to return only the employees that match all selections.
  the arguments passed to the DataAccess Layer are an array of certification ID's and the size variable is how many certifications were chosen. The for loop is supposed to dynamically append to the end of the query an extra "AND" sql operator to match up. The 3 tables selected in the query are Employee (a list of employees and ID's), Certificates (a list of possible certificates and their ID's) and Employee_Certificate (a table that matches which employees have which certificates).
  What am I doing wrong?
  public List certSearch(int cert[], int size) throws Exception{
           // connection instance
           ArrayList list = new ArrayList();
           Connection connection=null;
           PreparedStatement pstatement = null;
           try
                  list.clear();
                  StringBuffer queryString = new StringBuffer("SELECT * from EMPLOYEE, EMPLOYEE_CERTIFICATE, CERTIFICATE" +
                                       " WHERE employee_certificate.employee_id = employee.employee_id " +
                                       "AND certificate.certificate_id = employee_certificate.certificate_id ");
                  for (int incr = 0; incr < size; incr++){
                      queryString.append("AND certificate.certificate_id = " + cert[incr] + " ");
                  String query;
                  query = queryString.toString();
                  // Send query to database and store results.
                  Class.forName(Driver);
                  //Establish network connection to the db
                  connection = (Connection) DriverManager.getConnection(url, username, password);
                  pstatement = (PreparedStatement) connection.prepareStatement(query);
                  ResultSet rs = pstatement.executeQuery();
                  while (rs.next())
                      Employee emp = new Employee();
                      int empID=Integer.parseInt(rs.getString("employee_id"));
                      String first=rs.getString("first_name");
                      String last=rs.getString("last_name");
                      emp.setID(empID);
                      emp.setFirstName(first);
                      emp.setLastName(last);
                      list.add(emp);
             catch(Exception readerr)
                  System.err.println("Error reading  "+ readerr);
             finally
              try
                  // close the connection so it can be returned to the
                  // connection pool then return the SubjectCounselor instance
                  connection.close();
              catch (SQLException ex)
                     System.err.println("Error reading employee data: " + ex);
              return list;
      }Edited by: Snadinator on Aug 1, 2009 1:35 PM

  You don't get it.
  This should work :
  public List certSearch(int cert[], int size) throws Exception{
           // connection instance
           ArrayList list = new ArrayList();
           Connection connection=null;
           PreparedStatement pstatement = null;
           try
                  list.clear();
                  String query = buildQuery(cert);
                  // Send query to database and store results.
                  Class.forName(Driver);
                  //Establish network connection to the db
                  connection = (Connection) DriverManager.getConnection(url, username, password);
                  pstatement = (PreparedStatement) connection.prepareStatement(query);
                  ResultSet rs = pstatement.executeQuery();
                  while (rs.next())
                      Employee emp = new Employee();
                      int empID=Integer.parseInt(rs.getString("employee_id"));
                      String first=rs.getString("first_name");
                      String last=rs.getString("last_name");
                      emp.setID(empID);
                      emp.setFirstName(first);
                      emp.setLastName(last);
                      list.add(emp);
             catch(Exception readerr)
                  System.err.println("Error reading  "+ readerr);
             finally
              try
                  // close the connection so it can be returned to the
                  // connection pool then return the SubjectCounselor instance
                  connection.close();
              catch (SQLException ex)
                     System.err.println("Error reading employee data: " + ex);
              return list;
      // I used the MySQL syntax; if it doesn't work : just enclose the values by single quotes
      private String buildQuery(int[] cert) {
          StringBuffer queryString = new StringBuffer("SELECT * from EMPLOYEE, EMPLOYEE_CERTIFICATE, CERTIFICATE" +
                  " WHERE employee_certificate.employee_id = employee.employee_id " +
                  "AND certificate.certificate_id = employee_certificate.certificate_id " +
                  "AND certificate.certificate_id IN ( ");
          queryString.append(cert[0]);
          for (int i = 1; i < cert.length; i++) {
              queryString.append(" ,");
              queryString.append(cert);
  queryString.append(" )");
  return queryString.toString();

• Using single quote in pl/sql

  I have a procedure that needs to execute a dynamic query.
  here is my brief code.
  sql_stmt := 'select * from test where default = '|| gc_default || ';
  this is just a part of my code. but the problem is that default column is varchar, so the "gc_default" variable should be wrapped with single quote. it should be like this. select * from career where job = 'DEFAULT';
  does anybody know?
  Thanks in advance.

  Use bind variables
  SQL> var c refcursor
  SQL> var gc_ename varchar2(20)
  SQL> declare
    2      s_sql varchar2(100);
    3  begin
    4      s_sql := 'select * from emp where ename = :x';
    5      open :c for s_sql using :gc_ename;
    6  end;
    7  /
  PL/SQL procedure successfully completed.
  SQL> print c
  no rows selected
  SQL> exec :gc_ename := 'MILLER'
  PL/SQL procedure successfully completed.
  SQL> /
  PL/SQL procedure successfully completed.
  SQL> print c
       EMPNO ENAME      JOB              MGR HIREDATE         SAL       COMM     DEPTNO
        7934 MILLER     CLERK           7782 23-JAN-82       1300                    10
  SQL> exec :gc_ename := 'KING'
  PL/SQL procedure successfully completed.
  SQL> /
  PL/SQL procedure successfully completed.
  SQL> print c
       EMPNO ENAME      JOB              MGR HIREDATE         SAL       COMM     DEPTNO
        7839 KING       PRESIDENT            17-NOV-81       5000                    10
  SQL>

• Conditional URL ( CASE )  within a Dynamic Query

  I need extra eyes or help in RE-FORMATTING the following SELECT STMT. My approach was to formulate the following query to get a functioning URL to the page that displayed the corrections made on that record (if it was corrected)...which I did. So now I'm trying to move the CASE portion into a dynamic query report. I'm having difficulties rewriting the CASE into the dynamic query due to placement of single-quotes. Is there an easy way to do this...or do I still need to find the correct placement of quotes? HELP!
  select "ID",
  "EMP_ID",
  "ENTRY_DATE",
  "JOB_TITLE",
  "START_DATE",
  "END_DATE",
  "MODIFIED_DATE",
  "lkup_1"."DESCRIPTION" as "Status",
  CASE
  WHEN rec_status = 'CR' -- corrected record
  THEN '<a href="'
                    || 'f?p=&APP_ID.:90:&SESSION.::&DEBUG.::'
                    || 'P90_RID,P90_TIMESTAMP:'
                    || rid ||',' || TO_CHAR(modified_date,'MM/DD/YYYY')
                    || ">'
  || 'See Update(s)'
  || '</a>'
  || '</a>'
  ELSE NULL
  END LINK,
  "lkup_2"."DESCRIPTION" as "Action",
  "CATEGORY",
  apex_item.checkbox(1,rid) as "Confirm"
  from "JOB_SUMMARIES",
  "LOOKUPS" "lkup_1",
  "LOOKUPS" "lkup_2"
  where "REC_STATUS" <> 'CF'
  and "REC_STATUS" = "lkup_1"."CODE"
  and "ACTION" = "lkup_2"."CODE"(+)
  Here is what I sort of come up with, but I'm getting dizzy looking at it so many times!
  ' CASE '||
  ' WHEN rec_status = ' || '''' || '''CR''' || '''' ||
  ' THEN ' || '''' || '<a href="' || '''' ||
           '            ||' || '''' || 'f?p=&APP_ID.:90:&SESSION.::&DEBUG.::' || '''' ||
           '            ||' || '''' || 'P90_RID,P90_TIMESTAMP:' || '''' ||
           '            ||' || ' id ||' || '''' || ''',''' || '''' || '|| TO_CHAR(modified_date,' || '''' || 'MM/DD/YYYY' || '''' || ')' || '''' ||
           '            ||' || '''' || ">' || '''' ||
  ' ||' || '''' || 'See Update(s)' || '''' ||
  ' ||' || '''' || '</a>' || '''' ||
  ' ||' || '''' || '</a>' || '''' ||
  ' ELSE NULL '||
  ' END LINK, '||
  I'm still getting an error which is:
  1 error has occurred
  * Query cannot be parsed within the Builder. If you believe your query is syntactically correct,
  check the ''generic columns'' checkbox below the region source to proceed without parsing.
  ORA-00905: missing keyword

  I still cannot get the insertion of the CASE to compile...I keep getting MISSING EXPRESSION error.
  1 error has occurred
  * Query cannot be parsed within the Builder. If you believe your query is syntactically correct,
  check the ''generic columns'' checkbox below the region source to proceed without parsing.
  ORA-00936: missing expression
  Here is my dynamic query and I want to place the CASE as indicated. The numerous quotes or the Q syntax is really messing up my attempts to get this page working. I have a dynamic query because I am allowing search parameters. And I thought it would be nice to have a LINK to another page that displayed changed column values if a user CORRECTED one of their records. All changes must be verified and accepted by a REVIEWER.
  declare
  q varchar2(32767); -- query
  w varchar2(4000) ; -- where clause
  we varchar2(1) := 'N'; -- identifies if where clause exists
  begin
  q := 'select "ID", '||
  ' "EMP_ID", '||
  ' "ENTRY_DATE", '||
  ' "JOB_TITLE", '||
  ' "START_DATE", '||
  ' "END_DATE", '||
  ' "lkup_1"."DESCRIPTION" as "Status", '||
  >WANT TO PLACE CASE RIGHT HERE
  ' "lk_up2"."DESCRIPTION" as "Action", '||
  ' "CATEGORY", '||
  ' apex_item.checkbox(1,rid) as "Confirm" '||
  ' from "#OWNER#"."JOB_SUMMARIES", '||
  ' "#OWNER#"."LOOKUPS" "lkup_1", '||
  ' "#OWNER#"."LOOKUPS" "lkup_2" '||
  ' where "REC_STATUS" <> ' || '''' || 'CF' || '''' ||
  ' and "REC_STATUS" = "lkup_1"."CODE" '||
  ' and "ACTION" = "lkup_2"."CODE"(+) ';
  if :P16_EMP_ID != '-1'
  then
  w := ' AND EMP_ID = :P16_EMP_ID ';
  we := 'Y';
  end if;
  if :P16_RECORD_STATUS != '-1'
  then
  w := w || ' AND REC_STATUS = :P16_RECORD_STATUS ';
  we := 'Y';
  end if;
  if :P16_CATEGORY != '-1'
  then
  w := w || ' AND CATEGORY = :P16_CATEGORY ';
  we := 'Y';
  end if;
  if we = 'Y'
  then q := q || w;
  end if;
  return q;
  end;
  Edited by: JSandoval on Aug 10, 2009 3:42 PM