Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Help with SQL
In article <8c04ak$pio_at_portal.gmu.edu>,
Sundeep Kumargoswami <skumargo_at_osf1.gmu.edu> wrote:
> Hi,
> I am trying to execute a SQL statement against an oracle database
> the field (customer_name) I am querying on contains records with
> embedded single quotes (') for example, Craig's data exchange. When
> the query hits one of these records it fails with improperly quoted
> string error. The front-end is VB and the connection is made using
ODBC
>
> Do While Not .EOF
>
> mySql = "SELECT * FROM all_customer_acct WHERE " & _
> "customer_name = '" & UCase(!customer_nm) & "'"
>
> frmValidator.Text1.Text = UCase(!customer_nm)
> frmValidator.Refresh
>
> outString = UCase(!customer_nm) & "|"
>
> How can I change the Sql Statment so it will not fail in the above
> situation.
>
> Thanks,
> Sundeep
>
Please -- if you want your app to scale above a handful of queries -- use BIND VARIABLES. Do not concatenate in string constants, it'll defeat the whole purpose of the shared pool -- AND it'll overcome your quote problem.
If you must do the character string constant (you'll hate yourself later for doing that), you need to double up the quotes:
select * from T where c = 'Craig''s Place'
> --
> -----------------------------------
> Sundeep Goswami
> skumargo_at_gmu.edu
> goswamis_at_hotmail.com
>
--
Thomas Kyte tkyte_at_us.oracle.com
Oracle Service Industries http://osi.oracle.com/~tkyte/index.html
--
Opinions are mine and do not necessarily reflect those of Oracle Corp
Sent via Deja.com http://www.deja.com/
Before you buy.
Received on Thu Mar 30 2000 - 15:52:25 CST