I want to select my particular database in mysql console, but the problem is that my database name has a space in between and mysql ignores the part after the space. For instance, when i give the command:
use 'student registration'
I get the message:
cannot find database 'student'
You should try using back ticks ("`") to quote your database name. Generally speaking, it's probably better to use a naming convention to eliminate white space, e.g.
USE `StudentRegistration`;
or
USE `student_registration`;
You have two options.
1 Enclose the database name in backticks or single quotes.
USE `student registration`;
USE 'student registration';
2 Escape the white space character.
USE student\ registration;
Oddly enough this produces.
ERROR: Unknown command '\ '.
But still changes the database.
When I had to deal with other people's tables with spaces the following worked:
use `student registration`;
At least that would be yours.
Use Double quotes instead of single, double quotes worked for me :
USE "student registration";
Use student registration without quotes.
You have to use square brackets to get this work:
Use [student registration]
Related
The MySQL documentation says that it should be \'. However, both scite and mysql shows that '' works. I saw that and it works. What should I do?
The MySQL documentation you cite actually says a little bit more than you mention. It also says,
A “'” inside a string quoted with “'” may be written as “''”.
(Also, you linked to the MySQL 5.0 version of Table 8.1. Special Character Escape Sequences, and the current version is 5.6 — but the current Table 8.1. Special Character Escape Sequences looks pretty similar.)
I think the Postgres note on the backslash_quote (string) parameter is informative:
This controls whether a quote mark can be represented by \' in a string literal. The preferred, SQL-standard way to represent a quote mark is by doubling it ('') but PostgreSQL has historically also accepted \'. However, use of \' creates security risks...
That says to me that using a doubled single-quote character is a better overall and long-term choice than using a backslash to escape the single-quote.
Now if you also want to add choice of language, choice of SQL database and its non-standard quirks, and choice of query framework to the equation, then you might end up with a different choice. You don't give much information about your constraints.
Standard SQL uses doubled-up quotes; MySQL has to accept that to be reasonably compliant.
'He said, "Don''t!"'
What I believe user2087510 meant was:
name = 'something'
name = name.replace("'", "\\'")
I have also used this with success.
There are three ways I am aware of. The first not being the prettiest and the second being the common way in most programming languages:
Use another single quote: 'I mustn''t sin!'
Use the escape character \ before the single quote': 'I mustn\'t sin!'
Use double quotes to enclose string instead of single quotes: "I mustn't sin!"
just write '' in place of ' i mean two times '
Here's an example:
SELECT * FROM pubs WHERE name LIKE "%John's%"
Just use double quotes to enclose the single quote.
If you insist in using single quotes (and the need to escape the character):
SELECT * FROM pubs WHERE name LIKE '%John\'s%'
Possibly off-topic, but maybe you came here looking for a way to sanitise text input from an HTML form, so that when a user inputs the apostrophe character, it doesn't throw an error when you try to write the text to an SQL-based table in a DB. There are a couple of ways to do this, and you might want to read about SQL injection too.
Here's an example of using prepared statements and bound parameters in PHP:
$input_str = "Here's a string with some apostrophes (')";
// sanitise it before writing to the DB (assumes PDO)
$sql = "INSERT INTO `table` (`note`) VALUES (:note)";
try {
$stmt = $dbh->prepare($sql);
$stmt->bindParam(':note', $input_str, PDO::PARAM_STR);
$stmt->execute();
} catch (PDOException $e) {
return $dbh->errorInfo();
}
return "success";
In the special case where you may want to store your apostrophes using their HTML entity references, PHP has the htmlspecialchars() function which will convert them to '. As the comments indicate, this should not be used as a substitute for proper sanitisation, as per the example given.
Replace the string
value = value.replace(/'/g, "\\'");
where value is your string which is going to store in your Database.
Further,
NPM package for this, you can have look into it
https://www.npmjs.com/package/mysql-apostrophe
I think if you have any data point with apostrophe you can add one apostrophe before the apostrophe
eg. 'This is John's place'
Here MYSQL assumes two sentence 'This is John' 's place'
You can put 'This is John''s place'. I think it should work that way.
In PHP I like using mysqli_real_escape_string() which escapes special characters in a string for use in an SQL statement.
see https://www.php.net/manual/en/mysqli.real-escape-string.php
I have been working on a database for my coursework and have used phpMyAdmin to build it. Now I am working on the queries using the query tool.
When I pick the tables and data I want to query and press "update query" it will generate the query which looks something like this:
SELECT `Customer`.`CustomerName`, `OrderDetails`.`Product`, `OrderDetails`.`QuantityOrdered`
FROM `Customer`
LEFT JOIN `Order` ON `Order`.`Customer` = `Customer`.`CustomerID`
LEFT JOIN `OrderDetails` ON `OrderDetails`.`Order` = `Order`.`OrderID`
This works fine and gives me the results I was expecting. However when I try and write my own query and put something like "SELECT Customer.CustomerName," WITHOUT the ' symbol it won't work and just throws up an error message.
Must I always wrap them using the ' symbol for the query to work?
Forward quotes are used to escape object names in MySQL. You don't have to use them unless you use names that wouldn't be valid identifiers - in this case, the table name order is a reserved word, and must be escaped. All the other tables and columns you're using seem to be OK.
Except for the visual nightmare and ability to create horrendous table names, backticks are entirely unnecessary. You will, however, be required to wrap any variables in single quotes.
As you can see from my example below, using backticks is not a requirement with PHPMYADMIN;
The reason it is not working when you remove the backticks is because you have a column called 'order'. Order is a keyword in SQL and therefore cannot be used as a column name without being wrapped in either quotes or backticks.
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 2 years ago.
I am working on a project where another developer created a table with column names like 'Business Name'. That is a space between two words. If I run a SELECT statement with 'Business Name' it says there is no column with name 'Business'.
How can I solve this problem?
Generally the first step is to not do that in the first place, but if this is already done, then you need to resort to properly quoting your column names:
SELECT `Business Name` FROM annoying_table
Usually these sorts of things are created by people who have used something like Microsoft Access and always use a GUI to do their thing.
If double quotes does not work , try including the string within square brackets.
For eg:
SELECT "Business Name","Other Name" FROM your_Table
can be changed as
SELECT [Business Name],[Other Name] FROM your_Table
You need to use backtick instead of single quotes:
Single quote - 'Business Name' - Wrong
Backtick - `Business Name` - Correct
To each his own but the right way to code this is to rename the columns inserting underscore so there are no gaps. This will ensure zero errors when coding. When printing the column names for public display you could search-and-replace to replace the underscore with a space.
I got here with an MS Access problem.
Backticks are good for MySQL, but they create weird errors, like "Invalid Query Name: Query1" in MS Access, for MS Access only, use square brackets:
It should look like this
SELECT Customer.[Customer ID], Customer.[Full Name] ...
I think double quotes works too:
SELECT "Business Name","Other Name" FROM your_Table
But I only tested on SQL Server NOT mySQL in case someone work with MS SQL Server.
I have an MySQL query, which returns an error message. I think it could be due to the word "out". Normally, I would just change the field name but I am working on some software that I am not used to and I don't know how much of a change that would be. So, I want to be sure if I have to.
Here is the query:
SELECT * FROM probid_bids WHERE auctionid=73 AND out=0 AND invalid=0
Here the error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'out=0 AND invalid=0' at line 1
OUT is indeed a reserved word. You can encase the column names in backticks to quote the names, and thus avoid this problem, like so:
SELECT * FROM probid_bids WHERE `auctionid`=73 AND `out`=0 AND `invalid`=0
OUT is a reserved word (it is used to specify the type of parameters -- IN, OUT, INOUT -- when creating procedures). Try enclosing it inside backticks (`).
The rules regarding how and when to quote the identifiers (table names, column names, etc) are described here.
Note: certain MySQL configurations allow you to use double quotes as well but this should be avoided; stick with using backticks to quote identifiers and single quotes to quote strings.
Escape the keys:
SELECT * FROM `probid_bids` WHERE `auctionid`=73 AND `out`=0 AND `invalid`=0
In a statement like this;
$sql = "SELECT distinct `term`,count(*) as count
FROM {$temp_table_name}
group by `term` order by count DESC";
What does using the back tick character (`) around the field name 'term' buy me?
Is the usage of back ticks for performance reasons? Or is it for some sort of a SQL injection protection?
Note: After I submit the question, I realized that the backtick character does not show around the field name 'term' - right here on stackoverflow.
I don't know of a way of making it appear here in the question body.
If term is mysql key word, you need to quote it by `, otherwise, it is not necessary.
Ps: distinct is not necessary in your case, because you group by it.
The back-tick is the 'official' identifier quote character.
http://dev.mysql.com/doc/refman/5.0/en/identifiers.html
It allows a wider array of characters in an identifier, as described on the linked documentation.
Backticks just allow the use of spaces or other alternate characters in field names.
I think it's already been pretty well explained here.
When We use a keyword as a table name,field-name in MySQL use backticks, or double-quotes when ANSI_QUOTES is enabled.Other wise it is not necessary.It is not releated to SQL injection protection