Replace quotation marks in sql query in perl script - mysql

I have a text file of data that I am importing into a MySQL database. Some of the lines unfortunatley contain quotation marks, which causes my SQL queries to go haywire. I would like to get rid of any field that has quotation marks, or at very least ignore them in my query.
I found something that might work, but being as this is run through a Perl script I am having issues "escaping" the quotation marks. I really don't know how and can't figure it out. I would like to just search through my table and delete any quotation marks (") that it may find or replace it with a single quotation mark or space or anything really.
my $myreplacequery = "REPLACE(s.Title, '"','')";
$sth = $dbh->prepare($myreplacequery);
$sth->execute;
Anyone have any ideas?
Thanks!

Change query to UPDATE on this table:
update tablename set title = REPLACE(title,'\"','\'') where title like '%\"%'

Perl has q and qq (quote-like operators) for this kind of situation. They allow you to choose the quote character to use. q acts like a single-quote (') and doesn't interpolate (expand variables) while qq acts like a double quote (") and does.
my $replacequery = q{REPLACE(s.Title, '"','')};

You actually want to pass a string consisting of a single quote to REPLACE for its 3rd arg, but you're passing an empty string. The necessary SQL is:
REPLACE(s.Title, '"', '\'')
To create that string in Perl, you could use either of the following string literals:
"REPLACE(s.Title, '\"', '\\'')" # Produces: REPLACE(s.Title, '"', '\'')
qq{REPLACE(s.Title, '"', '\\'')} # Produces: REPLACE(s.Title, '"', '\'')
Notice how " needed to be escaped. Without it, Perl would see the following string literal (followed by junk):
"REPLACE(s.Title, '"
^ ^
| |
start end
of string of string
literal literal

Related

search special character in mysql string fucntions

I need to use special character like ( \ ) character in mysql string function and unfortunately it doesn't work properly!for example couldn't search this character alone (locate-instr-substring_index-concat and even in set variable value are function that i need and test )
like thses
SELECT LOCATE("\", "Schools.co\m", 1) AS MatchPosition;
select SUBSTRING_INDEX("footba\l","\",1)
I will appreciate if anybody could help me
Backslash needs to be escaped. To fix your SUBSTRING_INDEX example, consider the following:
SELECT SUBSTRING_INDEX("footba\\l","\\",1) FROM dual
Here, backslash has to be escaped both in the string literal and in the text to match.
To escape a literal backslash inside a LIKE expression, use four backslashes, e.g.
SELECT 'match' FROM dual WHERE "footba\\l" LIKE '%\\\\%';
Demo

How to correctly format quotation marks and double quotes in mysql query

I'm currently using PDO connection for perform some mysql queries and since I use the command $conn->prepare("HERE THE QUERY") I want to know how to format characters like quotes and double quotes.
When I have cases like this one:
$conn->prepare("SELECT * FROM ('SELECT DISTINCT (user_id) FROM table1')");
This is fine because in the nested SELECT there isn't a particular character that can cause problems. But how can we handle special cases like that?
Here a strange example (forget the mysql.. this is quite irrelevant, focus on the quotes situation) with quotes and double quote inside the nested SELECT:
$conn->prepare("SELECT * FROM ('SELECT user_id, CONCAT('[\"",GROUP_CONCAT(DISTINCT(cat) ORDER BY user_id DESC SEPARATOR "\",\""),"\"]') cat_grouped FROM table_1') select1");
What should be the right quotation mark syntax according to this example query? If i use ' instead of " when I prepare the query the problem is quite fixed, but I want to understand if there is a smart way to maintain the double quotes.
firstly I recommend using single quotes - they're faster :D
The main issue is using the same quotes with each other. Doing this causes pre-mature closing, and I'm sure you'd like to save that pre-mature embarrassment.
See in simple terms:
"string has star"ted"
As you can see, the first double quote the file gets to is the one after star. This closes the string after star, rendering the ted" in a fatal error.
What you want to do is escape the quotes that conflicts with the opening quote. Single quotes inside double quotes are fine, and vice versa.
Escape single quotes inside single quotes and double quotes inside double quotes - the rest should be ok to leave. Also I recommend using backticks for your mysql tables and fields to avoid some errors down the road if they deiced to add some new keyword that just so happens to match your table/field name
e.g.
if using single quotes:
$conn->prepare('SELECT * FROM table WHERE string_field = \'value\'');
if using double quotes:
$conn->prepare("SELECT * FROM table WHERE string_field = \"value\"");
if mixing:
$conn->prepare('SELECT * FROM table WHERE string_field = "value"');
\ is the escape character used for situations like this :)
The alternative is concatting strings:
$conn->prepare('SELECT * FROM table WHERE field = '. $foo);
so breaking it up, you declare string same was as usual with preferred quotes, then to add stuff to it, you use . to concat

How to use UPDATE in MySQL with string containing escape characters

please look here:
UPDATE cars_tbl
SET description = '{\rtf1'
WHERE (ID=1)
Description field is "blob", where my RTF document is to be stored.
When I check updated data I always find
{
tf1
\r simply disapears. I tried to find solution on the web, but no success. My rtf files are corrupted on many places, because the escape characters used in the string are substituted. How to suppress this substitution and update field with string as is?
Thanx for advice
Lyborko
Backslash is an escape character, so to keep it you need a double backslash:
UPDATE cars_tbl
SET description = '{\\rtf1'
WHERE (ID=1)
As an aside \r is a carriage return.. and it hasn't disappeared in your data; it is responsible for tf1 appearing on the line below the {.
You can achieve this with a more generic approach
use of QUOTE() in mysql
MySQL QUOTE() produces a string which is a properly escaped data value in an SQL statement, out of an user supplied string as argument.
The function achieve this by enclosing the string with single quotes, and by preceding each single quote, backslash, ASCII NUL and control-Z with a backslash.
example
UPDATE cars_tbl
SET description = QUOTE('{\rtf1')
WHERE (ID=1)
UPDATE
to escape your RTF you can also just use REPLACE this way all your \ will become \\
Example
UPDATE cars_tbl
SET description = REPLACE('{\rtf1', '\', '\\')
WHERE (ID=1)

explain these lines of mysql string Literals

I Have selected these lines from Mysql official site dev.mysql.com.
I am unable to understand what these lines means.
There are several ways to include quote characters within a string:
A “'” inside a string quoted with “'” may be written as “''”.
A “"” inside a string quoted with “"” may be written as “""”.
I did not understand how this sql.
mysql> SELECT 'hel''lo';
Outout: hel'lo
Please Help
You have a string inside single quotes, then it finds another quote, escaped by yet another code. So, it will translate into
'(start of string)hel'(escaping the next quote)'(the escaped quote)lo'(ending the string)
And thus outputting:
hel'lo
It's simple. If you need to put a quote within a string literal delimited by those quotes, you can't use just a standalone quote character (like 'O'Brien') since there's no easy way to tell which of the second or third quote is the closing quote.
So they introduce a rule. If the SQL interpreter is within a quoted string and it finds another quote, it uses these rules:
if the quote is immediately followed by another quote, assume the user wants one quote within the literal.
otherwise it's the closing quote for the literal.
So, for example, consider:
select * from people where surname = 'O'Brien' order by id
Now you and I can tell which of those quotes actually terminates the string literal because we understand how names work. The computer does not take that for granted, instead requiring:
select * from people where surname = 'O''Brien' order by id
and turning the '' inside the literal into a single '.

mySQL Query String in Perl does not seem to handle '\n'

I am trying to replace newline characters in the DB with <br/> tags and have the following mySQL query string written in Perl.
my $queryString = "Select REPLACE(r.form_text,'\n','<br /> '), ... FROM myTable r;"
For some reason, \n is treated as a newline from within perl and does not seem to replace it with <br/>. Here is what I got when I tried to print $queryString
REPLACE(r.form_text,'
','< br /> ')
I tried to use \\n and \\\n and it didn't work either. I apologize if this is a repeated question. Please let me know if I'm missing something here.
Of course you get a newline. When you use double quotes to quote a string anything inside it is interpolated, and \n becomes a literal newline. If you want a literal \n, you need to prevent interpolation. Usually, you would use single quotes, but that is impractical since you have those in the string already. So instead, use the q() feature.
my $queryString =
q|Select REPLACE(r.form_text,'\n','<br /> '), ... FROM myTable r;|;
Note that you can use a wide variety of delimiters for q(), in this case, I used pipe |. If you try and print this string, it should have a literal \n. Documentation here.