I have another query about my database, I'm using Codeigniter and wheneve I get the data using span and saving it to my MySQL database it inludes a \n in the data and that causes error. Why is that so? here is the problem
VALUES('\n16', 'SMDC')`
but Im onlu getting the value of 16 in my column where it is set to span.
well \n is a special character for mysql and other languages and it means: end of line (character line). you have to escape that kind of characters using another backslash "\" before them.
See this: http://dev.mysql.com/doc/refman/5.0/en/string-literals.html
For you with codeigniter an example is this:
$search = '\n16';
$sql = "SELECT id FROM table WHERE column LIKE '%".$this->db->escape_like_str($search)."%'";
See this for more info:
http://ellislab.com/codeigniter/user-guide/database/queries.html
Related
I'm encountering the character %C2%92 in a bunch of MySQL records and looking to replace it with a single quote.
Something like this:
update
tablename
set field = replace(field, UNHEX('92'), "'")
where field RLIKE UNHEX('92')
Any ideas on how to actually accomplish this?
What comes right before/after the C292? Although that looks like a UTF-8 encoding, I don't recognize it.
You really should go back to where the data came from and avoid "url-encoding" the string. (cf PHP's urlencode()). If you are using PHP, then urldecode() will undo the mess: Fetch the row, field = urlencode(field);, then UPDATE the row in the database.
So i have some Unicode(Arabic) text data stored in a Mongoid model and i want to insert it into a mysql database. I had to use gsub to escape single quotes as that was causing me SQL insertion errors.
text = model.text.squish().gsub("'", %q(\\\'))
db_con.query("insert into table (text) values ('#{text}')")
Now my problem is when i view the data at phpmyadmin this what i see
اليوم.. ملايين الهوات٠تودع "واتساب"
للأبد
I tried adding force_encoding('UTF-8') but that didn't change anything, i also tried escaping with str.dump but that transformed the data into Unicode code points like u{243} when viewed in phpmyadmin. How can this be fixed.
Fixed it by executing this query before insertion "SET CHARACTER SET 'UTF8'"
text = model.text.squish().gsub("'", %q(\\\'))
db_con.query("SET CHARACTER SET 'UTF8'")
db_con.query("insert into table (text) values ('#{text}')")
I have some faulty PHP code which inserted literal \r\n characters into the database instead of the special characters representing new line and carriage return. Can anyone help me come up with a query that will replace the literals with the special characters?
Here's an SQL Fiddle setup. All I really need is something that will return the row containing "abc\r\ndef" rather than the other row. It's probably a very simple escape that's needed, but I can't work it out.
http://sqlfiddle.com/#!9/1f2acb/1
Once I have that query I guess I will simply use
UPDATE test SET txt replace(txt, 'UNKNOWN EXPRESSIOn', '\r\n');
I'm running MySQL 5.5 on Ubuntu.
The answer was in a similar question that juanvan linked to.
UPDATE test set txt = replace(txt,'\\r\\n','\r\n');
Having followed some tips on escaping apostrophes I am getting an unexpected combination of escape characters in the resulting sql statement. The following rails 4 active record statement is run against 5.5.42-MariaDB:
User.where(["surname LIKE ?", "%#{params[:search]}%"])
Where
params[:search] = "O'Keefe"
A .to_sql generates
SELECT * FROM users WHERE surname LIKE '%O\\'Keefe%'
MySQL/MariaBD expects an apostrophe to be escaped as two single apostrophes '' , or with a single backslash \' so this results in a syntax error. I am looking for help to understand why two backslashes \\' are appearing, and for a solution that will maintain protection against SQL injection.
UPDATE
After further investigation following suggestions below, it appears as though the console .to_sql output SELECT * FROM users WHERE surname LIKE '%O\\'Keefe%' is not what is passed onto MySQL. It failed for me 'cos I simply copied the statement into a mysql console to test execution. There is some black magic on route to the database that converts the double backslash \\' into a valid mysql escape sequence.
So problem 1/2 solved
User.where(["surname LIKE ?", "%#{params[:search]}%"])
is valid syntax that correctly auto-escapes the user input string. But can anyone shed any light on the reason for the generation of the double backslash and how it is modified on its way to database execution?
Try this:
User.where(["surname LIKE ?", "%#{params[:search].gsub("'", "''")}%"])
http://dev.mysql.com/doc/refman/5.0/en/string-literals.html#character-escape-sequences
I have moved a WordPress site from a local server to a remote server and a number of the image paths contained in posts are incorrect.
I want to batch change them by running a search/replace query in phpMyadmin but as the text contains a colon it keeps failing. What is the correct syntax to escape the colon and run the query? This is the query I am trying to run.
PDATE wp_post SET post_contect = REPLACE (post_content, ‘old domain:8888', ‘newdomain.co.uk');
Thanks!
The problem isn't the colon (:), it's the fact you're using the wrong quotes - you should use ' to denote a string literal, not ‘.
UPDATE wp_post
SET post_contect =
REPLACE (post_content, 'old domain:8888', 'newdomain.co.uk');