This question already has answers here:
character for single quote
(1 answer)
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 8 years ago.
hey guys was hoping you could help me out,
Not sure if I always had this problem or if its new, in phpmyadmin in the sql tab, the apostrophe it recognizes is different from what i type, for example,
when i type, it is
SELECT * FROM 'table'
this gives me an error, so instead I have to like copy/paste the inverted commas of some prebuilt query so that it looks like
SELECT * FROM `table`
see how the apostrophes are different? any way I can fix this?
also, i have seen many queries on the web, and i think even queries i call from php dont require table names to have apostrophes. But when write it in phpmyadmin, I can do queries without table names having apostrophes?
thanks in advance.
In MYSQL, table is a reserved keyword. If you want to use reserved keywords in mysql in query, you have to enclose them in backtick(`).
As table is reserved keyword you query should be
SELECT * FROM `table`
Regarding single quote ('), in mysql, it represents string value.
SELECT *, 'table' FROM `table`;
Demo
You should only need to quote table names when they conflict with a reserved word.
Also:
` = Grave accent, or (because someone needed to invent a word) backtick
' = Apostrophe, or straight single quote
You dont need apostrophe on table name.
You should use ` in cases that your table/field name is a reserve word eg:
SELECT `distinct`, myfields FROM mytable
note that distinct is an sql command so you need to put the `.
SELECT * FROM `table`
table here should be inside `.
There are two different characters, the backtick and the single quote. Table and column names can be surrounded by the backtick, strings can be surrounded by quotes. There is nothign to fix :D
Related
if I have a column with some values that starts with "%" like this:
[ID]-----[VALUES]
1--------Amount
2--------Percentage
3--------%Amount
4--------%Percentage
how can I have only these two rows with a "select" query?:
[ID]-----[VALUES]
3--------%Amount
4--------%Percentage
I tried these queries but them don't work:
select * from TABLE where VALUES like '[%]%'
select * from TABLE where VALUES like '\%%'
I know that in Java, C and other languages, the backspace \ let you use a jolly character as a normal one like:
var s = "I called him and he sad: \"Hi, there!\"";
There is a similar character/function that do it in SQL?
All answers will be appreciated, thank you for reading the question!
Your query
select * from TABLE where VALUES like '\%%'
should work. The reason it doesn't is because you may have NO_BACKSLASH_ESCAPES enabled which would treat \ as a literal character.
A way to avoid it is using LIKE BINARY
select * from TABLE where VALUES like binary '%'
or with an escape character (can be any character you choose) specification.
select * from TABLE where VALUES like '~%%' escape '~'
try this :
select * from TABLE where VALUES like '%[%]%'
There is an ESCAPE option on LIKE:
select *
from TABLE
where VALUES like '$%%' escape '$';
Anything following the escape character is treated as a regular character. However, the default is backslash (see here), so the version with backslash should do what you want.
Of course, you could also use a regular expression (although that has no hope of using an index).
Note: escape is part of the answer standard so it should work in any database.
You're right that you'll need an escape character for this. In SQL you have to define the escape character.
SELECT * FROM TABLE where VALUES like ESCAPE '!';
I'm pretty sure you can use whatever character you want.
Here's a link to a microsoft explanation that goes into more detail.
Microsoft explanation
MySQL Explanation
The last person in my job has flooded column names with special characters such as (?,!, and /), as well as used many reserved keywords for column names (more often than not, timestamp or user is used).
Normally, I step around this by using double quotes or brackets to escape the SQL object. A subset of the full list of columns are below:
DriverID,
Department,
Odometer,
MerchantState,
MerchantCity,
gallons/Units,
timestamp,
tax
Inside my query, I wrap the two columns in question (gallons/units and timestamp) inside double quotes. Timestamp because it's a reserved keyword, and Gallons/units, because without the quotes, SQL reads the query, stops at the slash, and tells me "Gallons" is not a column inside the table.
If I do wrap double quotes around the column name, SQL returns a different error: "Operand should contain 1 column(s)".
I've tried every variant (only capturing the slash in quotes, quoting both, using brackets, mixing brackets and quotes, etc. but with to no avail).
Is there anything I can do to fix this query short of renaming the column name and changing the associated code in the program that pulls from it? (the really tedious task I'm trying to avoid).
In SQL Server, identifiers can be delimited using square brackets, e.g.
SELECT [gallons/units] ...
In MySQL, identifiers can be delimited using backticks, e.g.
SELECT `gallons/units` ...
(NOTE: If MySQL SQL_MODE includes ANSI_QUOTES, then double quotes are treated as delimiters for identifiers, similar to the way Oracle handles double quotes; absent that setting, double quotes are handled as delimiters for string literals. With ANSI_QUOTES included SQL_MODE, "gallons/units" will be interpreted as an identifier (column name). Without ANSI_QUOTES, MySQL will see it as a string literal, as if it were enclosed in single quotes.)
FOLLOWUP:
As far as an error "operand should contain only 1 column(s)", that's usually a problem with query semantics, not an issue with escaping identifiers.
A subquery in the SELECT list can return only a single expression, for example, this would throw an error:
Query: SELECT 'foo' , ( SELECT 'fee' AS fee, 'fi' AS fi )
Error Code: 1241
Operand should contain 1 column(s)
You can try backticks instead of double quotes
`gallons/units`
There are a couple of options. First, have you tried using %/ to escape the slash?
Example: "select * from 'gallons%/units';"
Second one I've found, which may or may not be helpful, is to provide an escape character definition, such as
http://blogs.msdn.com/b/zainala/archive/2008/08/17/using-and-escape-clause-in-sql-server-like-query.aspx
select * from MyTable where Description like '|[summary|]%' escape '|'
In your case
select * from 'gallons|/units' escape '|'
You indicate both mysql and sql-server in your tags, so I'm not sure which server support I should be looking for exactly.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 2 years ago.
I am working on a project where another developer created a table with column names like 'Business Name'. That is a space between two words. If I run a SELECT statement with 'Business Name' it says there is no column with name 'Business'.
How can I solve this problem?
Generally the first step is to not do that in the first place, but if this is already done, then you need to resort to properly quoting your column names:
SELECT `Business Name` FROM annoying_table
Usually these sorts of things are created by people who have used something like Microsoft Access and always use a GUI to do their thing.
If double quotes does not work , try including the string within square brackets.
For eg:
SELECT "Business Name","Other Name" FROM your_Table
can be changed as
SELECT [Business Name],[Other Name] FROM your_Table
You need to use backtick instead of single quotes:
Single quote - 'Business Name' - Wrong
Backtick - `Business Name` - Correct
To each his own but the right way to code this is to rename the columns inserting underscore so there are no gaps. This will ensure zero errors when coding. When printing the column names for public display you could search-and-replace to replace the underscore with a space.
I got here with an MS Access problem.
Backticks are good for MySQL, but they create weird errors, like "Invalid Query Name: Query1" in MS Access, for MS Access only, use square brackets:
It should look like this
SELECT Customer.[Customer ID], Customer.[Full Name] ...
I think double quotes works too:
SELECT "Business Name","Other Name" FROM your_Table
But I only tested on SQL Server NOT mySQL in case someone work with MS SQL Server.
In a statement like this;
$sql = "SELECT distinct `term`,count(*) as count
FROM {$temp_table_name}
group by `term` order by count DESC";
What does using the back tick character (`) around the field name 'term' buy me?
Is the usage of back ticks for performance reasons? Or is it for some sort of a SQL injection protection?
Note: After I submit the question, I realized that the backtick character does not show around the field name 'term' - right here on stackoverflow.
I don't know of a way of making it appear here in the question body.
If term is mysql key word, you need to quote it by `, otherwise, it is not necessary.
Ps: distinct is not necessary in your case, because you group by it.
The back-tick is the 'official' identifier quote character.
http://dev.mysql.com/doc/refman/5.0/en/identifiers.html
It allows a wider array of characters in an identifier, as described on the linked documentation.
Backticks just allow the use of spaces or other alternate characters in field names.
I think it's already been pretty well explained here.
When We use a keyword as a table name,field-name in MySQL use backticks, or double-quotes when ANSI_QUOTES is enabled.Other wise it is not necessary.It is not releated to SQL injection protection
I'm having a MySQL issue.
I'm trying to select all rows in a table that start with a backslash and an apostrophe:
SELECT * FROM table WHERE name like '\\\'%'
But this is not working. An example of what I'm trying to select: \'S-GRAVENDEEL
How do I do this?
Thanks
p.s.
Yes, this was the result of a faulty import, I know, but now I need to fix it :-)
You need more backslashes:
select * from table where name like '\\\\\'%'
You need one of them to get a single quote into the pattern. Then you need four more to get a single literal backslash down to the like. Or you could escape the single quote by doubling it:
select * from table where name like '\\\\''%'
So I've got a solution.
Basically what I want to do is fix the entries, so I'll show you what the replace looks like:
SELECT *, REPLACE(naam, '\\''', '''') naamnew FROM school_plaats WHERE naam like '%\\''%'
Apparently, I need to escape the apostrophe with an apostrophe and the backslash with a backslash.