myCommand2.CommandText = "INSERT INTO testimonials(name,email,testimonial,approved,time) VALUES ('" + exp.escString(txtName.Text) + "','" + exp.escString(txtEmail.Text) + "','" + txtTestimonial.Text + "','" + false + "','" + DateTime.Now + "')"; ok the form has a field txtTestimonial.Text these strings work when i submit them thoughthats all folksthat"s (double quotes) that\"sthat\"s these failthat's that's that\'s that\'s tried up to 7 just to make sure Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near 's'.Unclosed quotation mark after the character string ')'. I figure the " works because it ends up being ' " ' in the sql statement and it doesnt mind thatI tried researching this. I could not find any info stating that perhaps sql escapes things differently. I was on the assumption that in the sql itself the database would reconise the before the '.I read i can use html decode but it seems that then i will have to undecode everytime I read from the database and it could be a major pain if I am using a datagrid or something and a big mess. Any help would be greatly appreciated. Jim
I have a parameterized query. The parameters contain data from my tables. Some of the parameters could include single quotes. The single quotes are wreaking havoc in my parameterized query. How can I replace single quotes with double quotes inside of my SQL stored procedure?
I know that it's something similar to REPLACE(@variablename, '''''', ''''''''), but I can't get the number of quotes right.
All of the examples that I am seeing are converting the quotes inside of an application. This is not an option for me, as I am calling this stored procedure from a SQL job that will run daily.
I have some code (C#) that runs an SQL update query that sets thevalue of a column to what the user passes. So, this causes an errorwhen anything the user passes in has a ' character in it. I'm surethere's other characters that'll break it too. So, I was wondering,how do I get around this? Is there some commonly accepted regexpattern that will make the value safe to run in an SQL query? How canI take care of any values that need to be escaped?I'm not using any fancy ado.net objects:string sql= [whatever the user passes in]SqlConnection connection = newSqlConnection(ConfigurationManager.ConnectionStrin gs[Utils.GetConnectionString].ToString());connection.Open();SqlCommand command = connection.CreateCommand();command.CommandType = CommandType.Text;command.CommandText = sql;try{int result = command.ExecuteNonQuery();if (result != 1){Response.StatusCode = 500;Response.Write("The file has been uploaded, but wecould not update the DB");Response.End();}}catch (InvalidOperationException){Response.Clear();Response.Write("error");Response.StatusCode = 500;Response.End();}connection.Close();
Y'all:I am needing some way, in the SQL Server dialect of SQL, to escape unicodecode points that are embedded within an nvarchar string in a SQL script,e.g. in Java I can do:String str = "This is au1245 test.";in Oracle's SQL dialect, it appears that I can accomplish the same thing:INSERT INTO TEST_TABLE (TEST_COLUMN) VALUES ('This is a1245 test.");I've googled and researched through the MSDN, and haven't discovered asimilar construct in SQL Server. I am already aware of the UNISTR()function, and the NCHAR() function, but those aren't going to work well ifthere are more than a few international characters embedded within astring.Does anyone have a better suggestion?Thanks muchly!GRB-----------------------------------------------------------------------Greg R. Broderick Join Bytes!A. Top posters.Q. What is the most annoying thing on Usenet?---------------------------------------------------------------------
Much to my surprise and dismay, after burning hours and hours developing various SSIS packages to extract data from my SQL 2005 DB to CSV flat files, I found out the hard way that SSIS doesn't properly escape quotes (") in the data (my output file is required to have quotes as text qualifiers).
It seems like I'm pretty much forced to create derived columns to test for the existence of quotes in my data, then either escape them or replace them with another character.
This is really NOT COOL. Not only will this significantly hinder performance, it makes my packages a heck of a lot more complicated (especially when I'm exporting lots of text columns).
Am I doing something wrong, or does SSIS really not escape the text qualifier in a delimited flat file? If so, someone PLEASE tell me this will be fixed in the very near future.
I'm working on a script to produce XML. There are two parts to the XML: an envelope (called "message") and a payload ("payload). Here's an example of what the result should look like:
(Note that I had to add a space between the '&' and 'lt' and 'gt' to get it to post in the forum without the forum converting them back to < and >!)You can see that SQL escaped the < and >. Also the CDATA escape sequence is missing.I want to see < instead of & lt and > instead of & gt. Also, I need the CDATA escape sequence.
We are facing a problem while passing a string containing the "&" character into Full Text search CONTAINS predicate. The records that do have this character are not being returned by the search.
I'd like to raise two questions:
1) Is there any special way to escape this character? 2) Does FTS index it at all?
We have tried all known (to us) ways of escaping like doubling the character, using char(38), using ESCAPE etc..Nothing seem to work. Any help would be appreciated.
We have a .NET drop down, which gets populated as the user types in letters(last name). If the user types in the single quote we get the error about not escaping the single quote. Question is, which way would it be easier to fix, in the .NET code or in the SQL procedure? I am not to sure if we have full access to the source code since that is a 3rd party control, so if that is not feasible how would I fix that in the stored procedure? This is the current proc that we are using:
Code Snippet select @str = 'SELECT DISTINCT TOP ' + @Top + ' e.DisplayName as DbComboText, e.EmployeeID as DbComboValue FROM DepartmentDirectory.dbo.Employees ee INNER JOIN DataMart.dbo.Employees e ON ee.UIN = e.UIN WHERE e.LastName like ''' + @LastName + ''' AND e.FirstName like ''' + @FirstName + ''' ORDER BY e.DisplayName'
i'm using delphi 7 and have a query in which i'm trying to find namesthat have an apostrophe in them, i.e. "o'mally". my problem is thatwhen i write my select statement i can't get the quotes right. i getall types of errors no matter what i try. i get "missing right quote","invalid token" etc. i've tried using QuotedStr and nothing works.here is my current attempt in which i get an "invalid use of keyword.token: n'%'"sSQL := 'SELECT statenotified, notary_id, LastName, FirstName,' +' MiddleInitial, Indep, Book_number, Page_number,' +' CloseRec, TermBegins, TermEnds, DatePickedUp,FailedToQualify,' +' Notes, SOSLtrSent FROM notaries WHERE LastName LIKE '''+''+ edtLastName.Text+'+''%'' AND CloseRec = 1 order bylastname';
Hi Friends, I have stored names with ' s (Apostrophes) and without 's in the database(sqlserver).Example:O'Relly I tried to get the values with select statement like Dim str As String = Request.QueryString("Title") Dim query As String = "SELECT * FROM Test where title like '" + str + "'" Problem is getting the all the values from database except O'Relly just getting O other word Relly no..... What should do I and what code do I need ..?
I tried with the below code also Dim x As Long For x = 1 To Len(str) If Mid$(str, x, 1) = "'" Then str = str & "''" Else str = str & Mid(title1, x, 1) End If Next
I need help with a simple query. We have 86 entries with the City of O'Fallon in our db. How do I do this with the apostrophe in O'Fallon? Below is just to give an idea of what I want. Thanks. SELECT * FROM Organization WHERE City=O'Fallon
Can anyone tell me how to replace a single apostrophe in a record with a double apostrophe (in Query Analyzer, SQL7)? I've tried "select replace("d'","d'","d''")FROM RESORT" but it doesn't UPDATE the table.
Ok, I still have some uncertainty as to just exactly how this whole apostrophe thing works with databases. I understand that it is a reserved character and so when a sql query runs into one of these creatures it looks at it as something other than a normal character.
I am working primarily in vb/asp/sql server with a little bit of access. I am familiar with the instrinsic 'Replace' function and I use it but I still have occassional problems.
I would like any information I can get on just exactly why/how this thing works and how to work-around the apostrophe when writing to, reading from, and validating data from sql server/access/any databases.
I am having weird trouble with READING data from my Access database where the field has an apostrophe - but only when I display the field in a textbox.
For example, the field "Don't do this" becomes "Don" when my SQL query outputs the result:
OK so I need to use a dynamic SQL statement in a SqlDataSource object because I need to pass in the column name. I'm having trouble accounting for the apostophes I have to interpret literals within the statement. This is connecting to an Oracle database. This is what I originally tried... <asp:SqlDataSource ID="SqlDataSourceMine" runat="server" ConnectionString="<%$ ConnectionStrings:My_Connection_String %>" ProviderName="<%$ ConnectionStrings:My_Connection_String.ProviderName %>" SelectCommand="SELECT m.YIE, :selecteditem, m.ENDTIME FROM MyMAP.MAP_M_SUM m WHERE (m.GROUPID LIKE 'YC%' AND m.GROUPID NOT LIKE 'YCX%' AND m.ENDTIME >= SYSDATE-14)"> <SelectParameters> <asp:ControlParameter Name="selecteditem" ControlID="itemlabel" PropertyName="Text" Type="String" /> </SelectParameters></asp:SqlDataSource> And the second column returned as :selecteditem for the column name and the value of itemlabel.text (what I wanted to be the column that was queried) as the value in each of the rows of that column. So I tried dynamic SQL to put the value of itemlabel.txt as the column to be queried, but I'm not sure how to get the query to read the literals. How can I accomplish this? <asp:SqlDataSource ID="SqlDataSourceMine" runat="server" ConnectionString="<%$ ConnectionStrings:My_Connection_String %>" ProviderName="<%$ ConnectionStrings:MY_Connection_String.ProviderName %>" SelectCommand="EXEC('SELECT m.YIE, '+selectedbin+', m.ENDTIME FROM MMAP.MAP_M_SUM m WHERE (m.GROUPID LIKE '+paramlike+' AND m.GROUPID NOT LIKE '+paramnotlike+' AND m.ENDTIME >= SYSDATE-14)')"> <SelectParameters> <asp:ControlParameter Name="selectedbin" ControlID="binlabel" PropertyName="Text" Type="String" /> <asp:ControlParameter Name="paramlike" ControlID="Label1" PropertyName="Text" Type="String" /> <asp:ControlParameter Name="paramnotlike" ControlID="Label2" PropertyName="Text" Type="String" /> </SelectParameters></asp:SqlDataSource> This errors to "illegal variable name" Can someone help me out please? Thanks a lot. -steve
Hi all,I am not sure this question will belong to a sql group or .net.but the problem I have is, my data entry forms crashes when some enter a apostrophe character in one of the field. that field is of type varchar in sql server 2000.for ex, Ryan O'neill will crash the application. I have a drop down list of all my crew names in my form.what should I need to do to allow user to add apostrophe and not to have application crash?Please help it is very urgent.Thank You,
The end result: I need one of the columns in my result set (col2) to have a preceeding apostrophe (i.e., '001234 ).
The problem: I am building my query as a string and then using the EXEC() function to execute it. For example: SET @strSQL = 'SELECT col1, col2 FROM mytable' EXEC(@strSQL)
Just to tame any answers that might not be directed to the specific question, the query Must be built as a string and then executed.
I have been unable to obtain the solution and I am wondering if it is even possible?
I am having a problem trying to pull data that has apostrophe in them. How can I do this? I get this as an error
Msg 105, Level 15, State 1, Line 14 Unclosed quotation mark after the character string ''.
Select Name From Table Where Name IN (CHILDREN'S ANES ASSOCS-CHOP,CHILDREN'S HEALTHCARE-CHOP,CHILDREN'S PSYCH ASSOC-CHOP,CHILDREN'S SURGICAL ASSOC-CHOP)
Getting an error when i execute the query. select * from trio where ad_str1 like '%''
Server: Msg 105, Level 15, State 1, Line 1 Unclosed quotation mark before the character string '%' '. Server: Msg 170, Level 15, State 1, Line 1 Line 1: Incorrect syntax near '%' '.
In my datedabase I have some customers with the next name: 't Woud.
The problem is the apostrophe in my query for my drill through.
This is my query:
SELECT DISTINCT c.alias AS Client, p.Alias AS Periode, u.alias as Product, v.alias as Verschil, CAST(s.indicatie AS decimal(6, 2)) AS Indicatie, CAST(s.realisatie AS decimal(6, 2)) AS Realisatie, CAST(s.real_indic AS decimal(6, 2)) AS [Realisatie -/- Indicatie], CAST(s.indicatie_fin AS decimal(6,0)) AS [Indicatie Fin], CAST(s.realisatie_fin AS decimal(6,0)) AS [Realisatie Fin], CAST(s.real_indic_fin AS decimal(6,0)) AS [Realisatie -/- Indicatie Fin] FROM [BI_TZR].dbo.fact_clientsignaal s INNER JOIN [BI_TZR].dbo.dim_verschil v ON s.verschil = v.verschil INNER JOIN [BI_TZR].dbo.Dim_Periodewk p ON s.periode = p.Periode INNER JOIN [BI_TZR].dbo.dim_client_uren c ON s.client_id = c.id INNER JOIN [BI_TZR].dbo.dim_product u ON s.product = u.product WHERE (LEFT(p.Alias, 1) = 'p') AND (c.alias like '%794735%') and s.kplts <> '1583' ORDER BY s.product, s.periode
I try this: SELECT DISTINCT replace ( c.alias, 'd', '') AS Client, this works, for the caracter D. But know I want it for the caracter apostrophe.
How can I insert ' (Apostrophe) into sql table field ? Insert Into Table(Field) Values(?) After executing sql statement above, I want to see ' (apostrope) in field. Thanks
heyi'm having a problem with a stored procedure, to cut a long story short i need to replace apostrophe's in my text, like soSET @prOtherValue = REPLACE(@prOtherValue,''', '''')this doesn't work thowhats the work aroundcheers!!!!
