This question already has an answer here:
Escaping a single quotation within SQL query
(1 answer)
Closed 7 years ago.
I have ruby script that includes a mysql insert that is working fine until it gets to a row that contains data containing an apostrophe. This row is also being populated using a variable and Im unsure how to escape the character so the insert will work successfully.
Any ideas?
Use the quote method on the connection object:
quote(value, column = nil)
API Documentation Link
Quotes the column value to help prevent SQL injection attacks.
Example:
my_name = ActiveRecord::Base.connection.quote("John O'Neil")
my_address = ActiveRecord::Base.connection.quote("R'lyeh")
query = "INSERT INTO companies (name,address) VALUES (#{my_name}, #{my_address})"
ActiveRecord::Base.connection.execute(query);
Original Post:
See this post: Escaping a single quotation within SQL query
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 4 months ago.
This line of code is no working, and I cannot for the life of me figure out what is wrong with it.
INSERT INTO teacher (email,password,admin) VALUES (deborah68#example.org,d%6AsQPq7y,1);
this wont run and says the error is near the end of the line
any help is appreciated, the schema is called at3
Why are you not enclosing the string/char data in single quotes ? Assuming they are of datatype varchar, you simply enclose them in single quotes and the command will work.
INSERT INTO teacher (email,password,admin) VALUES ('deborah68#example.org','d%6AsQPq7y',1)
Assuming your email and password are datatype of varchar, try putting '' between the values, or better you can use parameterized value if it's any backend code, try:
INSERT INTO teacher (email,password,admin) VALUES ('deborah68#example.org','d%6AsQPq7y',1);
This question already has answers here:
How to escape back ticks
(7 answers)
Closed 3 years ago.
I have the following sql code:
sqlStatement := `INSERT INTO listings (listing_key,lat,long)
VALUES(?,?,?)`
However, long is a reserved keyword in mysql so i need to escape the column. As in:
sqlStatement := `INSERT INTO listings (listing_key,lat,`long`)
VALUES(?,?,?)`
but that breaks the sql statement.
not sure how to resolve. theres a ton more columns so i need to use the multi line tick.
Both ugly, but you can do one of:
statement:=`INSERT INTO listings (listing_key,lat,`+"`long`)"
or:
statement:=strings.Replace(`INSERT INTO listings (listing_key,lat,^long^)`,"^","`",-1)
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 4 years ago.
I am trying to add rows to my table using the code below. I keep getting an error. I doesn’t like the colons and if I take them out (although I need them in there) it then doesn’t like the 356’s. If I remove them it then doesn’t like something else.
I am using phpMyAdmin and thought I was using MySQL but the error messages mention MariaDB.
BTW, the book I am working through shows ‘ ‘ around the values to be inserted but I have found I can only insert values surrounded by “ “.
What do I need to change to get this working in phpMyAdmin?
INSERT INTO colours (ID, ColourCode)
VALUES
(“356-30-127”, “356-30-127 : Red”),
(“356-30-128”, “356-30-128 : White”);
For data insertion you have to use " or ' in string type
check below query it works
create table colours (ID varchar(200),ColourCode varchar(200));
INSERT INTO colours (ID, ColourCode)
VALUES ('356-30-127', '356-30-127 : Red'),
('356-30-128', '356-30-128 : White');
http://sqlfiddle.com/#!9/2a14a8/1
This question already has answers here:
MySQL search and replace some text in a field
(7 answers)
Closed 5 years ago.
I have a table, and in one colu,m I store comma separated strings, like:
book, table, lamp (New)
need to write query loop through all the strings and remove
(New)
I think I can do it by first running a query to fetch results containing (New), then using PHP's REGEX, remove (New) and then update the the same row with new string. However this sounds a bit convoluted. Isn't there a way to do this with a single query?
There is a replace string function in mysql: https://dev.mysql.com/doc/refman/5.7/en/string-functions.html#function_replace
UPDATE <table> SET <column> = REPLACE(<column>,'(NEW)','')
Try it with select first to see if the result is what you want (you may want to remove the trailing space if new is always preceded by it)
This question already has answers here:
How to escape single quotes in MySQL
(19 answers)
Closed 5 years ago.
I have designed java application & mysql database. Textfield also allow to accept whole characters. MySQL database data collation is set to utf8-default & MySQL server version is 5.7. I can type ' character in textfield. But I cannot execute sql syntax with ' in my query.
ex. Name's is not working, but names is working.
Try using an extra ' character
If the name is O'Brain , use it as O''Brain
For example
Select * from employees where name like 'O''Brain'
Make sure you gave same name to your database column name, where you parsing value from the android app.
or
specify your code so we can get more idea.