Stripping out single quotes

I pull names of businesses from a query and some of them have
single quotes in the name. I do a cfoutput query and embed those
results inside a google map. For some reason the businesses that
have the quotes will not display so I need to strip them out.
What's the best way to do this?

cf also has JSStringFormat() function that will escape quotes
in a text
string, making it js-safe...
Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com/

Similar Messages

Removing Outer Single Quotes for WHERE IN Clause from Join(Parameters)

Hello,
I am passing a multi-valued parameter into a dataset from a TypeBusiness dropdown list:
=join(Parameters!prmTypeBusiness.Value,",")
Here is the dataset query behind the TypeBusiness dropdown parameter list:
SELECT type_bus_code, bus_desc
FROM business
WHERE (type_bus_code IS NOT NULL)
Here is the WHERE clause from the main dataset query (dsMainData) which gets the parameter values:
WHERE WEKAVG.BUSINESS_CODE IN(@prmTypeBusiness)
Here is the error I get when selecting values from the TypeBusiness dropdown list then previewing the report:
"Cannot read the next data row for the dataset dsMainData.
Conversion failed when converting the nvarchar value '1,2' to data type smallint."
The value is a small int coming from the dataset query behind the TypeBusiness dropdown list, and the data type in the column expecting this value (in the main dataset query) is also a small int.
I have tried many things, including a replace in the =join(Parameters!prmTypeBusiness.Value,","), a replace in the WHERE clause, a Split function, CAST to varchar, have researched this online and cannot solve this error.
If someone could please help me save what little gray hairs I have left I would greatly appreciate any help, suggestion or point in the right direction.
Thanks,
Buster

Thank you for the sample, but it returns no records. Is there something I need to change in this snippet you sent?
DECLARE @prmTypeBusiness VARCHAR(20) = '1,2,4' -- say selected parameter values
DECLARE @business TABLE (type_bus_code INT, bus_desc VARCHAR(20))
INSERT @business SELECT 1,'A'
INSERT @business SELECT 2,'B'
INSERT @business SELECT 3,'C'
INSERT @business SELECT 4,'D'
;WITH CTE1
AS
SELECT CAST(('<i><j>' + REPLACE(@prmTypeBusiness, ',', '</j></i><i><j>') + '</j></i>' ) AS XML) CSV
),CTE2
AS
SELECT CAST(i.query('./text()') AS VARCHAR(100))CSV
FROM CTE1
CROSS APPLY CSV.nodes('/i/j') As x(i)
SELECT type_bus_code,
bus_desc
FROM @business
WHERE type_bus_code IN (SELECT * FROM CTE2)
sathya - www.allaboutmssql.com ** Mark as answered if my post solved your problem and Vote as helpful if my post was useful **.

Handling single quote

I have a custom function in which I want to parse out any single quotes as they are causing problems further down in our process. Actually what I want the function to do is to find the first single quote, if it exists, then strip the single quote and the rest of the text out. Her is the function I am trying to use:
ifthenelse(
     index($InputText , '\'', 0) > 0,
          substr( $InputText, 0, index( $InputText , '\'', 0) -1),
          $InputText
$InputText is a varchar datatype and contains a sting which may or may not contain an single quote.
How does one look for a single quote in either a function like this or in a replace function?
Thanks,
Ryan

The error in the editor is that is not expecting the less than sign, but rather expecting a right parenthasis ) or a comma.
Error MSG:
[Function:CF_TruncateApostrophe]
(Ln 3) : Syntax error : near <>> found <>> expecting <')', ','>
I will try to encase the whole index statement for the test in parenthesis and see what happens.
Ryan

CFC stripping out quotes in JSON

Any anyone tell me why the quotes in a JSON string are being stripped out when it's passed to a CFC?
The post from a jqGrid is being sent to my CFC as:
filters{"groupOp":"AND","rules":[{"field":"state","op":"eq","data":"CT"}]}
When I dump out arguments.filters it shows:
{groupOp:AND,rules:[{field:state,op:eq,data:CT}]}
Why is my CFC doing that?

Never mind. I had some SQL Injection code that were stripping out the charcters. I thought about that after I took a break.

Backslashes getting stripped out of my regex

I am trying to automate some find/replace routines in dreamweaver using javascript.
dreamweaver.setUpFindReplace({
        searchString: '<table width="\d+',
        replaceString: '<table width="100%"',
        searchWhat: "document",
        searchSource: true,
        useRegularExpressions: true
    dreamweaver.replaceAll();
This query gets passed as: <table width="d+
Problem: when the query string is passed to the setUpFindReplace object, the backslashes get stripped out. Backslashes are key to regular expressions. How do I get them passed from JavaScript to Dreamweaver?
I am using CS6
Ben

I am still looking for a smart person to answer, but in case anyone else is having same problem I found a work-around.
I think Java uses the backslash as an escape character and so it is not passing it to Dreamweaver. The only thing I found that works is to set a variable with the regex text, and escaping all the backslashes, then passing the variable to Dreamweaver.
var myFind = '<table width="\\d+"'
dreamweaver.setUpFindReplace({
        searchString: myFind
        replaceString: '<table width="100%"',
        searchWhat: "document",
        searchSource: true,
        useRegularExpressions: true
    dreamweaver.replaceAll();
Note: double backslash \\d+ and single quotes ' " " ' used because query string contains double quotes.
I tried escaping the double quotes in the search string \" but this did not work for the same reason.
Ben (not a Java developer)

Dynamic SQL and Data with Single Quotes in it.

Hi There,
I have a problem in that I am using dynamic SQL and it happens that one of the columns does contain single quotes (') in it as part of the data. This causes the resultant dynamic SQL to get confused as the single quote that is part of the data is taken to mean end of sting, when in fact its part of the data. This leaves out a dangling single quote that was meant to enclose the string. Here is my dynamic SQL and the result of the parsed SQL that I have captured:
****Dynamic SQL*****
l_sql:='select NOTE_TEMPLATE_ID '||
'FROM TMP_NOTE_TEMPLATE_VALUES '||
'where TRIM(LEGACY_NOTE_CODE)='''||trim(fp_note_code)||''' '||
'and TRIM(DISPLAY_VALUE)='''||trim(fp_note_text)||''' ';
execute immediate l_sql INTO l_note_template_id;
Because the column DISPLAY_VALUE contains data with single quotes, the resultant SQL is:
******PARSED SQL************
select NOTE_TEMPLATE_ID
FROM TMP_NOTE_TEMPLATE_VALUES
where TRIM(LEGACY_NOTE_CODE)='INQ' and TRIM(DISPLAY_VALUE)='Cont'd'
And the problem lies with the single quote between teh characters t and d in the data field for DISPLAY_ITEM. How can I handle this?
Many thanks,

I have been reliably informed that if one doesn't enclose char/varchar2 data items in quotes, the right indices may not be usedI am into oracle for past 4 years and for the first time i am hearing this.
Your reliable source is just wrong. Bind variables are variables that store your value and which are used in SQL. They are the proper way to use values in your SQL. By default all variables in PL/SQL is bind variable.
When you can do some thing in just straight SQL just do it. Dynamic SQL does not make any sense to me here.
Thanks,
Karthick.

Intermittent error on login page when username is entered as a single quote( ' ) and tab is pressed.

Hi All,
We have an ADF based portal application which has a login page with Username and Password inputText field.
When we type a single quote( ' ) in the Username field and press tab to go to the Password field an error is thrown saying "A connection to the server has failed" and this window does not close if we click on ok or the close option of the popup.
This is causing serious problems for us. It would be great if anyone could help us out as to why this is happening or if anyone has experinced the same issue.
Thanks,
Tanya

Hey Frank,
Sorry for the delayed reply. Since the issue was a high priority one and had to fix it ASAP we didn't have time to analyse it further.
We just inserted a javascript that prevented the form from getting submitted if a single quote is entered in the inputText field.
So far it has worked for us.
Thanks for your help though.
Tanya

How to copy item value that contain a single quote(')?

Hi,
I have one "Copy" button in a APEX form. When user clicks it, it simply copy the item's values from the form to a new form by using APEX provided function behind the button- "Set these item values with these values". It is simple and works fine in normal cases. However, see, we have a text field called "Product Details", user types in for example "Oracle's new vision". When I click COPY button, APEX try to copy the text in "Product Details" field from this form to a new form but it returns error because of that single quote. Is there any way I can do something to replace that single quote with two single quote like we usually do in PL/SQL in the place "Set these item values with these values" of APEX button? I tried REPLACE(#P66_PRODUCT_DETAILS#., '''', '''''') but not work. I saw someone in the forum meantioned that to use something like "/#P66_PRODUCT_DETAILS#/" to get around. Any one with success?

Thanks. I think it should work this way. However, our form has about 20 ~30 text fields, I have to create 20~30 hiddle fields to handle the problem because I never know which field could contain a single quote. Ideally, a new version of APEX should have the functionality to deal with the problem when using "set values with those values" method. At least, it should provide some kind of interaction for user to get away from single quote or comma or column etc.
What I did is to get out of APEX native function and to create a new records in background by PL/SQL using record id that passed in from APEX form. It works perfectly. Although, user can only edit the record after it is created, not as user friendly as "Copy first-look at it-edit it-then create it" I originally planed.
Thanks for your help,

Column Template conditions foiled by a single quote

I am using a generic column template and have a few pl/sql conditions to shade different rows like so:
'#1' like '%Total%'This worked fine until an employee's name appeared in the first column with a single quote in his last name (like O'Brien). Well apparently Apex literally takes whatever is in the field and just shoves it in between the single quotes because the single quote is terminating the string as if you were doing this in sql instead of making it a bind variable:
'O'BRIEN' like '%Total%'Which results in this friendly message to the users:
ORA-06550: line 1, column 65: PLS-00103: Encountered the symbol "BRIEN" when expecting one of the following: ) , * & | = - + < / > at in is mod remainder not rem => .. <> or != or ~= >= <= <> and or like LIKE2_ LIKE4_ LIKEC_ as between from using || multiset member SUBMULTISET_
Error ERR-1025 Error processing PLSQL expression. 'O'BRIEN, JOHN P ' like '%Total%' Can someone from the Apex team confirm that this is the issue? I know I could do a replace on the single quote in my sql, but can't figure out how to escape the '#1#' properly so I don't have to do a replace. I also don't really want to use the Carl Backstrom approach of having to code in a class into the sql when these templates work for 99% of what I need to do.
Any ideas?

Dude you rock! I tried about 6 different combos of the q function before I got frustrated and posted. I had too many quotes in mine I guess but that works perfectly.
Thanks again!

REGEXP_LIKE help with literal single-quote

I'm trying to write a check constraint to validate email addresses that may include an apostrophe in the email address. Such as joe.o'[email protected] Here is my sample setup:
create table emails
( email_address varchar2(150)
insert into emails values('[email protected]') ;
insert into emails values('[email protected]') ;
insert into emails values('joey.o''[email protected]') ;
commit;
sql> select * from emails;
EMAIL_ADDRESS
[email protected]
[email protected]
joey.o'[email protected]
alter table emails add constraint email_address_format_ck
CHECK ( REGEXP_LIKE ( email_address, '^[a-z0-9._%-]\'?+@[a-z0-9._%-]+\.mil$','c'));
ERROR at line 2:
ORA-00911: invalid characterIt doesn't like *\'?*
My understanding is this means one or more single-quotes. Anyone know the correct syntax to accept apostrophes?

Hi,
jimmyb wrote:
... insert into emails values('joey.o''[email protected]') ;
That's the correct way (actually, that's one correct way) to include a single-quote in a string literal: use 2 single-quotes in a row.
... alter table emails add constraint email_address_format_ck
CHECK ( REGEXP_LIKE ( email_address, '^[a-z0-9._%-]\'?+@[a-z0-9._%-]+\.mil$','c'));Here, the 2nd argument to REGEXP_LIKE is a string literal, just like 'joey.o''[email protected]' was a string literal.
To include a single-quote in the middle of this string literal, do the same thing you did before: use 2 of them in a row:
CHECK ( REGEXP_LIKE ( email_address, '^[a-z0-9._%''-]+@[a-z0-9._%-]+\.mil$','c'));There were a couple of other problems, too.
I'm sure you meant for the apostrophe to be inside the square brackets. Inside square brackets, \ does not function as an escape character. (Actually, single-quote has no special meaning in regular expressions, so there's no need to escape it anyway.)
I'm not sure what the '?' mark was doing; I left it out.
Of course, you'll have trouble adding the CHECK constraint if any existing rows violate it.
Edited by: Frank Kulash on Feb 10, 2012 6:52 PM

Any way to generate a single quote (') with XSLT?

Hi:
I guess this is really an XSLT question. I'm using the Transform() method of an XMLType variable to apply a style sheet. The XML in the variable is just something simple like
<TBL>
<LAST_NAME>LIKE|JONES</LAST_NAME>
<FIRST_NAME>=|MARY</FIRST_NAME>
<AGE>=|50</AGE>
</TBL>
I am trying to get a stylesheet to transform something like the above into SQL such as
Select * from foo where LAST_NAME like 'JONES'
and FIRST_NAME ='MARY'
and AGE = 50But to do this, I need to generate the single quotes around the search terms and I can't get anything but LAST_NAME LIKE 'JONES'. Is there a way to do this? For now I am generating a ~ and replacing ~ for ' throughout the generated SQL text but that's a pretty sorry solution.
I thought that something like <xsl:text disable-output-escaping="yes">&</xsl:text> was going to work but then found out it has been deprecated. I was thinking character-map might work but that's an XSLT 2.0 thing and apparently 10g is on XSLT 1.0? In any case, it had no idea what I was trying to do with a character map.
So, am I overlooking an obvious way to get my stylesheet to insert apostrophes?
Thanks.

It's 10.2.0.4.
Here's the procedure that accepts the XML/XSL clobs and tries to produce a SQL statement.
PROCEDURE GetSQLQueryFromXML(XMLClob in CLOB, XSLStylesheet in CLOB,
            SQLQuery out CLOB, status out integer) IS
    -- Define the local variables
xmldata               XMLType; -- The XMLType format of the XML to transform
xsldata               XMLType; -- The XMLType format of the stylesheet to apply
sqlQuery_XMLType      XMLType; -- The XMLType format of the SQL query.
v_SQLQuery            Clob;     -- Holds XML Clob before translating ~ to '
BEGIN
status := -1; -- Initially unsuccessful
-- Get the XML document using the getXML() function defined in the database.
-- Since XMLType.transform() method takes XML data as XMLType instance,
-- use the XMLType.createXML method to convert the XML content received
-- as CLOB into an XMLType instance.
xmldata := XMLType.createXML(XMLClob);
-- Get the XSL Stylesheet using the getXSL() function defined in the database.
-- Since XMLType.transform() method takes an XSL stylesheet as XMLType instance,
-- use the XMLType.createXML method to convert the XSL content received as CLOB
-- into an XMLType instance.
xsldata := XMLType.createXML(XSLStylesheet);
-- Use the XMLtype.transform() function to get the transformed XML instance.
-- This function applies the stylesheet to the XML document and returns a transformed
-- XML instance.
sqlQuery_XMLType := xmldata.transform(xsldata);
-- Return the transformed XML instance as a CLOB value.
v_SQLQuery := sqlQuery_XMLType.getClobVal();
-- Change tildas to apostrophes. Currently unable to get an XSLT transformation
-- to insert single quotes, so we're inserting ~ instead. Now we need to
-- translate all ~s to 's in our query.
SQLQuery := translate(to_char(v_SQLQuery),'~','''');
status := 1; -- Everything went fine to get here
EXCEPTION
WHEN OTHERS THEN
    raise_application_error
    (-20102, 'Exception occurred in GetSQLQueryFromXML :'||SQLERRM);
END GetSQLQueryFromXML;The XML it works off of is
    someXML CLOB :=
    to_clob('<?xml version="1.0" encoding="windows-1252" ?>
<variable table_name="SOME_PERSON_TABLE" query_type="PERSON">
<item>
    <fieldName><![CDATA[PERSON_KEY]]></fieldName>
    <criteria><![CDATA[=]]></criteria>
    <fieldType><![CDATA[Integer]]></fieldType>
    <value><![CDATA[123456789]]></value>
</item>
<item>
    <fieldName><![CDATA[LAST_NAME]]></fieldName>
    <criteria><![CDATA[=]]></criteria>
    <fieldType><![CDATA[String]]></fieldType>
    <value><![CDATA[DOE]]></value>
</item>
<item>
    <fieldName><![CDATA[FIRST_NAME]]></fieldName>
    <criteria><![CDATA[=]]></criteria>
    <fieldType><![CDATA[String]]></fieldType>
    <value><![CDATA[JOHN]]></value>
</item>
<item>
    <fieldName><![CDATA[MIDDLE_NAME]]></fieldName>
    <criteria><![CDATA[-]]></criteria>
    <fieldType><![CDATA[String]]></fieldType>
    <value />
</item>
<item>
    <fieldName><![CDATA[SUFFIX]]></fieldName>
    <criteria><![CDATA[-]]></criteria>
    <fieldType><![CDATA[String]]></fieldType>
    <value />
</item>
</variable>');And the corresponding XSLT that should translate it is:
myStylesheet CLOB :=
to_clob('<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">


<xsl:output method="text" omit-xml-declaration="yes" indent="no"/>


<xsl:variable name="apos">~</xsl:variable>
<xsl:template match="/">
    select * from
    <xsl:value-of select="variable/@table_name"/>
    where 1=1
    <xsl:for-each select="variable/child::node()">
      <xsl:choose>
        
        <xsl:when test="./value/text()[normalize-space(.)]">
        
          AND <xsl:value-of select="./fieldName"/>
          <xsl:text> </xsl:text>
          <xsl:value-of select="./criteria"/>
          <xsl:text> </xsl:text>
          <xsl:choose>
            <xsl:when test="string(./fieldType)=''String''">
              <xsl:copy-of select="$apos" />
              <xsl:value-of select="./value"/>
              <xsl:copy-of select="$apos" />
            </xsl:when>
            <xsl:when test="string(./fieldType)=''Clob''">
              <xsl:copy-of select="$apos" />
              <xsl:value-of select="./value"/>
              <xsl:copy-of select="$apos" />
            </xsl:when>
            <xsl:otherwise>
              <xsl:value-of select="./value"/>
            </xsl:otherwise>
          </xsl:choose>
        </xsl:when>
      </xsl:choose>
    </xsl:for-each>
</xsl:template>
</xsl:stylesheet>');Basically if the VALUE element has a value then the fieldType is checked. If fieldType is String or Clob then we'll need the apostrophes. For now I'm putting in tildas and changing them later.

Replace a string single quote(') with underscore(_)

I have more than 100 tables in a schema.
I have to find out if a string has a single quote in the column and replace it with an underscore.
I have 2 columns CREATE_USER and UPDATE_USER in all the tables. Now i want to update the values if the string has a single quote in it.
I tried it with execute immediate but it is not allowing underscore in the statement.
DECLARE
   v_table_name    VARCHAR2 (30);
   v_column_name   VARCHAR2 (30);
   CURSOR c_name
   IS
      SELECT DISTINCT table_name, column_name
                 FROM user_tab_cols
                WHERE column_name IN ('LOGIN', 'CREATE_USER', 'UPDATE_USER')
                  AND table_name NOT LIKE '%JN';
BEGIN
   FOR rec IN c_name
   LOOP
      v_table_name     := rec.table_name;
      v_column_name    := rec.column_name;
      EXECUTE IMMEDIATE    'update '
                        || v_table_name
                        || ' set '
                        || v_column_name
                        || ' = REPLACE('
                        || v_column_name
                        || ','''',"_") where '
                        || v_column_name
                        || ' like "%''%"';
   END LOOP;
END;
/i am getting the below error:
ORA-00904: "%'%": invalid identifier
ORA-06512: at line 17Can anyone let me know what is the error in the statement and how to overcome it

please try to replace your execute immediate with:
EXECUTE IMMEDIATE 'update '
                        || v_table_name
                        || ' set '
                        || v_column_name
                        || ' = REPLACE('
                        || v_column_name
                        || ','''''''',''_'') where '
                        || v_column_name
                        || ' like ''%''''%''';You can check the statement when you take a look at the construction before like this:
declare
v_sql varchar2(1000);
begin
   v_sql:= 'update '
                        || v_table_name
                        || ' set '
                        || v_column_name
                        || ' = REPLACE('
                        || v_column_name
                        || ','''''''',''_'') where '
                        || v_column_name
                        || ' like ''%''''%''';
   dbms_output.put_line(v_sql);
   execute immediate v_sql;
   ...Edited by: hm on 23.11.2010 01:43

Replace Single Quote with double quote

Hi All,
I have a String s="help'me'to'replace";
i want to replace single quote( ' ) in to double quote ( " )
The final out put should be like this help"me"to"replace
( Actually this string i have to pass in to an XML )
Please help any one

s.replaceAll("'","\"");{code}
or just one of the String#replace() methods.
Edited by: sabre150 on Mar 17, 2009 11:48 AM

Replacing " (double quote) with ' (single quote)

Hi there,
I have the following method to manipulate user input. All I want to do is, to replace the double quote with a single quote. The implementation I tried was,
this.replace(desc, "\"", "'");
This does not work for me. It jsut removes the double quote and does not introduces the single quote. Could any one please advise?
Thanks,
Des
public static String replace(String line, String oldString, String newString) {
          if(line != null && oldString != null && newString != null) {
               int index = 0;
               while ((index = line.indexOf(oldString, index)) >= 0) {
                    line = line.substring(0, index) +
                         newString +
                         line.substring(index + oldString.length());
                    index += newString.length();
          return line;
     }

Bad luck.. I am unable to get it still.
This is the code I am using (implemetation is in a JSP. I am using this code to test it).
public class Test{
public static void main(String args[]){
     String s = args[0];
     Test t = new Test();
     String doubleQuote = "\"";
     System.out.println(" output :"+ t.replace(s,doubleQuote,"'"));
     //System.out.println(" output :"+ t.replace(s,"\"","'"));
     //System.out.println(" output :"+ t.replace('"', '\''));
public static String replace(String line, String oldString, String newString) {
          if(line != null && oldString != null && newString != null) {
               int index = 0;
               while ((index = line.indexOf(oldString, index)) >= 0) {
                         System.out.println(" line count :");
                    line = line.substring(0, index) +
                         newString +
                         line.substring(index + oldString.length());
                    index += newString.length();
          return line;
}mshn02
The main problem is I am stuck with the server's version of Java (which I have no control on it). I could not use 1.4.2

RWRUN60: Problem with parameter value containing space between single quote

Hi All
I'm using RWRUN60 to generate my report by following way:
C:\orant\BIN\RWRUN60.EXE userid=DBUser/dbpasswor@db BACKGROUND="NO" BATCH="YES" DESFORMAT="pdf" DESNAME="C:\report.pdf" DESTYPE="FILE" ORIENTATION="LANDSCAPE" PARAMFORM="NO" P_REPORTID="2431" P_REPORTNAME="Report Name" report="C:\report.rdf" P_WHERE="StartDate>=to_date('2011-07-14 10-37-00','YYYY-MM-DD HH24-MI-SS')"
When I tried to run given command above nothing was executed executed and any log didnt created.
I found out that problem occurs when text between two single quotes contains spaces. In my case it is a parameter P_WHERE. I need to keep such format because it is part of report query.
When I removed last parameter from command RWRUN60 successfully genereate pdf document.
Further I added new test parameter P_TEST(it is ignored by rdf) in the end of command line following:
P_TEST="test '11'" - rwrun60 generates report
P_TEST="test '1 1'" - rwrun60 doesn't; generate report
Can somebody help how to resolve given problem. Is it parsing bug or what else?

Spaces on command lines a very often a bad idea. Get rid of them by changing the command, e.g.:
to_date('2011-07-14:10-37-00','YYYY-MM-DD:HH24-MI-SS')

Stripping out single quotes

Similar Messages

Maybe you are looking for