can we escape single quote in sql server query - sql-server-2008

I have a problem with the following query in SQL SERVER
select ecode,ename
from VW_EFORMS_BillingAdjustmentCodes
where ename='Ravi's friend';
In the Above Query "Ravi's Friend" is a string from DB. can i escape the single quote
please help me..

You can use two quotes:
'Ravi''s friend'
Or use a parameterized query and supply the string as a parameter:
SELECT ecode, ename
FROM VW_EFORMS_BillingAdjustmentCodes
WHERE ename = ?

A single quote in a string is escaped by two single quotes in a row ('').
where ename='Ravi''s friend'
^^ two ''

Related

DECODE Function in SQL

I am trying to insert the following query and I get syntax errors. Can you please help me with the below query:
INSERT INTO ABCTABLE (COLUMN1) values ('DECODE(MDSE_CD,NULL,'0000000000000000',LPAD(TO_NUMBER(MDSE_CD,'16',' '))');
Since you haven't really said anything other than "this query doesn't work, fix it", I have to take a stab in the dark what you want. From the query you have, I'm therefore guessing you want the value of the column to be DECODE(MDSE_CD,NULL,'0000000000000000',LPAD(TO_NUMBER(MDSE_CD,'16',' '))
In which case, you have to escape the single quotes within your string literal. Do this by doubling up the quotes:
INSERT INTO ABCTABLE (COLUMN1)
VALUES ('DECODE(MDSE_CD,NULL,''0000000000000000'',LPAD(TO_NUMBER(MDSE_CD,''16'','' ''))')
Try properly escaping the inner single quotes
INSERT INTO ABCTABLE (COLUMN1)
VALUES ('**DECODE**(MDSE_CD,NULL,''0000000000000000'',**LPAD**(TO_NUMBER(MDSE_CD,''16'','' ''))');
The problem is the use of quote marks. If we tried to break up your query it would look like this:
INSERT INTO ABCTABLE
(COLUMN1)
values
(
'DECODE(MDSE_CD,NULL,'
0000000000000000
',LPAD(TO_NUMBER(MDSE_CD,'
16
','
'))'
);
...which clearly makes no sense.
You might want to think about how to escape a quote mark inside a string.
Sql Server:
DECOD function in Sql Server can be replaced with CASE construct
LPAD function in Sql Server has not a direct correspondence but you can pad your string using string manage function REPLACE (replicate a character a number of specified times)
My Sql:
DECOD function in MySql can be replaced with CASE construct
LPAD function in MySql is existent
What do you want to store... a string literal 'DECODE(MDSE...))', or did you want to call a function to derive a value?
To store a string literal containing single quotes, you need to "escape" each single quote within the string with an extra single quote, e.g.
O'Hare Int'l ==> 'O''Hare Int''l'
The DECODE function is Oracle specific. That expression will need to be rewritten using different functions in both MySQL and SQL Server.

sql server equivalent of mysql where in

I have always used a MySQL Where In to filter for multiple values of a single field. I am looking for the equivalent for SQL Server. When I set this up on SS it looks at each item as a field in my table instead of a record in my field. Does anyone know the equivalent? Thanks!
MySQL:
SELECT quote_id,entity_id FROM customer.customer_id4
WHERE
quote_id IN ("00033658.0","00033361.0","00032971.0")
Error when using similar format in SS:
Invalid column name '00033658.0'
Invalid column name '00033361.0'
Invalid column name '00032971.0'
" in SQL server is used to delimit field names. You need to use ' instead, e.g.
... quote_id IN ('00033658.0', '00033361.0', etc...)
^-- ^--- note the different quotes
I think you just have to replace double quotes(") with a single quote (').
SELECT quote_id,entity_id FROM customer.customer_id4
WHERE
quote_id IN ('00033658.0','00033361.0','00032971.0')
Try using single quotes in the IN statement and see this link: http://technet.microsoft.com/en-us/library/ms177682.aspx

MySQL's different quote marks

I am a bit new to MySQL and just wanted to know what is the difference between:
` ' "
when I'm using them in a query.
With ` you write mysql variable names.
With ' you write mysql variable values
For example
SELECT * FROM `test` WHERE `x` = '1'
I would add that the way double quotes are interpreted depend of wether or not your MySQL server has ANSI quotes turned on or off.
In the former you cannot use double quotes as a string delimiter.
SELECT name FROM user WHERE last_name = "norris" ;
will return you a punch in your teeth.
``quotes you dont need to escape where as string quotes you do ''single or ""double
http://dev.mysql.com/doc/refman/5.1/en/string-literals.html
http://dev.mysql.com/doc/refman/5.1/en/identifiers.html
use ` (backquotes) for column name
use ' or " for values
Don't use backticks with column values. use either single or double quotes otherwise mysql considered that value as a column name.

How to replace all double quotes to single quotes using mysql replace?

I need to replace all double quotes to single quotes using mysql query.
How can I do that. My sql should be in double quotes.
mysql="select replace(text,'\"',''') from mytable"
throwing error. How can I escape that single quotes inside query?
Try this one
$mysql="select replace(text,'\"',\"'\") from mytable";
Then the query will become
select replace(text,'"',"'") from mytable
at the Mysql end.
You need to escape the single quote ' too (see table 8.1):
mysql="select replace(text,'\"','\\'') from mytable"
Thus, the string sent to MySQL will read:
select replace(text,'"','\'') from mytable

MySQL Escape double quotes in query result

I have a CONCATENATION problem regarding quotes.
In my database I have single and double quoted text and then I buld a JSON string with CONCAT,
CONCAT('{"',a,'":"',b,'"}')
Lets say we have the following data:
a b
Phrase Monica's mirror
Phrase Joe "Hammer" Smith
Phrase Oo-la-laaa
The concatenation will be
{"Phrase":"Monica's mirror"}
{"Phrase":"Joe "Hammer" Smith"}
{"Phrase":"Oo-la-laaa"}
As you can see 'Joes "Hammer" Smith' will create an invalid json string.
QUESTION
Is there a way in SQL to escape quotes (in the CONCAT)? so I get this result:
{"Phrase":"Monica's mirror"}
{"Phrase":"Joe \"Hammer\" Smith"}
{"Phrase":"Oo-la-laaa"}
Remember, this is not on the PHP side, it needs to be done in the SQL query,
Thank you...
Have you tried something like this?
CONCAT('{"',REPLACE(a,'"','\\"'),'":"',REPLACE(b,'"','\\"'),'"}')