How can I include parentheses inside string using string literals in mysql? - mysql

Problem
I'm trying to alter a variable to my desired string which includes a set parentheses. When doing so, it's trims off the closing parenthesis. I believe I have to include string literals but unsure on how to do so for my particular scenario.
Script (Partial)
...
IF col_datatype = 'varchar' THEN
SET col_datatype = 'varchar(30)';
SELECT col_datatype;
END IF;
SELECT col_datatype;
...
Output

Try using the backquote `. This is used when you wish to insert non-formatted strings into the database.

Related

How to replace strings in MySQL that contains backslashes

I try to replace strings in MySQL table from:
href=\"example.com\"
to
href=\"https://example.com\"
I know correct query how to search and update string, it is works perfectly, until I try to change string with backslashes. Nothing doesn't work:
UPDATE `articles` SET `text` = REPLACE(`text`, 'href=\\\\"example.com\\\\"', 'href=\\\\"https://example.com\\\\"') WHERE `text` LIKE '%href=\\\\"example.com\\\\"%'
Of course I tried different variants and combinations with escaped and not escaped backslaches, with clause WHERE and without it. These all variants doesn't work. Nothing changes at all!
Also, when I pre-run this query in PHPMyAdmin (section "Find and Replace"), it correctly finds all articles that contains href=\"example.com\", but Replaced string shows me the same content as Original String.
My CMS, which has also built-in function for search and replace strings, also can't change strings with backslashes.
I'm totally stuck with this problem.
You put too much backslash on the replace search string so the string is not found. double backslash are stored as one backslash in the table, so you need to use 2x backslash when replacing the string and 4x backslash when doing search in where clause.
see demo here; http://sqlfiddle.com/#!9/c1e0eb/1
update articles
set text =
REPLACE(`text`, 'href=\\"example.com\\"', 'href=\\"https://example.com\\"')
where text like '%href=\\\\"example.com\\\\"%'
This is the query you want to update;
UPDATE `articles`
SET `text` = REPLACE(`text`, 'href=\\"example.com\\"', 'href=\\"https://example.com\\"')
WHERE `text` LIKE '%href=\\\\"example.com\\\\"%'

How to use UPDATE in MySQL with string containing escape characters

please look here:
UPDATE cars_tbl
SET description = '{\rtf1'
WHERE (ID=1)
Description field is "blob", where my RTF document is to be stored.
When I check updated data I always find
{
tf1
\r simply disapears. I tried to find solution on the web, but no success. My rtf files are corrupted on many places, because the escape characters used in the string are substituted. How to suppress this substitution and update field with string as is?
Thanx for advice
Lyborko
Backslash is an escape character, so to keep it you need a double backslash:
UPDATE cars_tbl
SET description = '{\\rtf1'
WHERE (ID=1)
As an aside \r is a carriage return.. and it hasn't disappeared in your data; it is responsible for tf1 appearing on the line below the {.
You can achieve this with a more generic approach
use of QUOTE() in mysql
MySQL QUOTE() produces a string which is a properly escaped data value in an SQL statement, out of an user supplied string as argument.
The function achieve this by enclosing the string with single quotes, and by preceding each single quote, backslash, ASCII NUL and control-Z with a backslash.
example
UPDATE cars_tbl
SET description = QUOTE('{\rtf1')
WHERE (ID=1)
UPDATE
to escape your RTF you can also just use REPLACE this way all your \ will become \\
Example
UPDATE cars_tbl
SET description = REPLACE('{\rtf1', '\', '\\')
WHERE (ID=1)

DECODE Function in SQL

I am trying to insert the following query and I get syntax errors. Can you please help me with the below query:
INSERT INTO ABCTABLE (COLUMN1) values ('DECODE(MDSE_CD,NULL,'0000000000000000',LPAD(TO_NUMBER(MDSE_CD,'16',' '))');
Since you haven't really said anything other than "this query doesn't work, fix it", I have to take a stab in the dark what you want. From the query you have, I'm therefore guessing you want the value of the column to be DECODE(MDSE_CD,NULL,'0000000000000000',LPAD(TO_NUMBER(MDSE_CD,'16',' '))
In which case, you have to escape the single quotes within your string literal. Do this by doubling up the quotes:
INSERT INTO ABCTABLE (COLUMN1)
VALUES ('DECODE(MDSE_CD,NULL,''0000000000000000'',LPAD(TO_NUMBER(MDSE_CD,''16'','' ''))')
Try properly escaping the inner single quotes
INSERT INTO ABCTABLE (COLUMN1)
VALUES ('**DECODE**(MDSE_CD,NULL,''0000000000000000'',**LPAD**(TO_NUMBER(MDSE_CD,''16'','' ''))');
The problem is the use of quote marks. If we tried to break up your query it would look like this:
INSERT INTO ABCTABLE
(COLUMN1)
values
(
'DECODE(MDSE_CD,NULL,'
0000000000000000
',LPAD(TO_NUMBER(MDSE_CD,'
16
','
'))'
);
...which clearly makes no sense.
You might want to think about how to escape a quote mark inside a string.
Sql Server:
DECOD function in Sql Server can be replaced with CASE construct
LPAD function in Sql Server has not a direct correspondence but you can pad your string using string manage function REPLACE (replicate a character a number of specified times)
My Sql:
DECOD function in MySql can be replaced with CASE construct
LPAD function in MySql is existent
What do you want to store... a string literal 'DECODE(MDSE...))', or did you want to call a function to derive a value?
To store a string literal containing single quotes, you need to "escape" each single quote within the string with an extra single quote, e.g.
O'Hare Int'l ==> 'O''Hare Int''l'
The DECODE function is Oracle specific. That expression will need to be rewritten using different functions in both MySQL and SQL Server.

Replace in mysql database

I have a question about replacement a particular string in mysql but one part of the string is is changed every time e.g
"(my string to replace 1224:2)"
"(my string to replace 134:4)"
"(my string to replace 1824:9)"
"(my string to replace 14:2)"
I can change first part of string using this query
update dle_post set short_story = replace(short_story,'(my','( my');
but how to replace other parts like 1224:2) , or 14:2) or any other part that ends with a number 1,2,3.. and a ). I can not use bracket ")" because it is used on many other places.
Not the most elegant way, but...
update dle_post
set short_story =
replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(
short_story,
'0)','0 )'),'1)','1 )'),'2)','2 )'),'3)','3 )'),'4)','4 )'),'5)','5 )'),'6)','6 )'),'7)','7 )'),'8)','8 )'),'9)','9 )');
Regular expressions should work in this kind of case. Take a look related question: How to do a regular expression replace in MySQL?

passing string in a query to MySQL database in MATLAB

I am using MySQL with MATLAB, and I want to get a name from user, and pass it to the table in mySQL, but it is rejecting a variable name in place of string
var_name=input('enter the name:');
mysql('insert into table (name) values (var_name)');
Any suggestions?
FIRST read the comments to this question - you don't want to shoot yourself in the foot with a mysql injection security problem. You have been warned. Now, to solve your current problem, without addressing the security risk of the whole approach when it comes to building SQL queries, read on...
In principle Amro has already posted two solutions for you which work, but since you have not accepted it I'll explain further.
Your problem is that you are not telling MATLAB which parts of your query it should interpret as a literal string, and which parts it should interpret as a variable name. To solve this, you can just end the literal string where appropriate, i.e. after the opening brackets, and then start them again before the closing brackets.
In between those literal strings you want to add the contents of your variables, so you need to tell MATLAB to concat your literal strings with your variables, since the mysql command probably expects the whole query as a single string. So in essence you want to take the string 'insert into table(' and the string saved in the variable name and the string ') values (' and so on and glue them into one big string. Amro and Isaac have shown you two solutions of how to do this without much explanation:
horzcat('insert into table (', name, ') values (', var_name, ')')
uses the function horzcat, while
['insert into table (' name ') values (' var_name ')']
uses the fact that MATLAB treats strings as arrays of characters so that you can just use square brackets to form a large array containing the strings one after the other.
The third solution, offered by Amro, is a bit more sublte:
sprintf('insert into table (%s) values (%s)',name,var_name)
It tells the function sprintf (which is made for that purpose) "take the string which I supply as first parameter and replace occurences of %s with the strings I supply as the following parameters. This last technique is in particular useful if you also need to insert numbers into your string, because sprintf can also convert numbers to string and allows fine control over how they are formatted. You should have a close look at the help page for sprintf to know more :-).
Try this instead:
mysql(['insert into table (' name ') values (' var_name ')']);
or even:
mysql(sprintf('insert into table (%s) values (%s)',name,var_name));
I believe the problem you are having is the same as the one in this other question. It sounds like you want to create a command string that itself contains a ' delimited string, which would require you to escape each ' with another ' when you create your command string (note the first example in this string handling documentation). Note also you may want to use the 's' option for the INPUT function:
var_name = input('Enter the name: ','s'); %# Treats input like a string
commandString = sprintf('insert into table (name) values (''%s'')', var_name);
%# Note the two apostrophes --^
mysql(commandString);
If I were to enter Ken for the input, the string commandString would contain the following:
insert into table (name) values ('Ken')
And of course, as others have already mentioned, beware injection vulnerabilities.