Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Help with SQL

Re: Help with SQL

From: Thomas J. Kyte <tkyte_at_us.oracle.com>
Date: Thu, 30 Mar 2000 21:52:25 GMT
Message-ID: <8c0iag$r07$1@nnrp1.deja.com>


In article <8c04ak$pio_at_portal.gmu.edu>, Sundeep Kumargoswami <skumargo_at_osf1.gmu.edu> wrote:
> Hi,
> I am trying to execute a SQL statement against an oracle database
> the field (customer_name) I am querying on contains records with
> embedded single quotes (') for example, Craig's data exchange. When
> the query hits one of these records it fails with improperly quoted
> string error. The front-end is VB and the connection is made using
ODBC
>
> Do While Not .EOF
>
> mySql = "SELECT * FROM all_customer_acct WHERE " & _
> "customer_name = '" & UCase(!customer_nm) & "'"
>
> frmValidator.Text1.Text = UCase(!customer_nm)
> frmValidator.Refresh
>
> outString = UCase(!customer_nm) & "|"
>
> How can I change the Sql Statment so it will not fail in the above
> situation.
>
> Thanks,
> Sundeep
>

Please -- if you want your app to scale above a handful of queries -- use BIND VARIABLES. Do not concatenate in string constants, it'll defeat the whole purpose of the shared pool -- AND it'll overcome your quote problem.

If you must do the character string constant (you'll hate yourself later for doing that), you need to double up the quotes:

select * from T where c = 'Craig''s Place'

> --
> -----------------------------------
> Sundeep Goswami
> skumargo_at_gmu.edu
> goswamis_at_hotmail.com
>

--
Thomas Kyte tkyte_at_us.oracle.com
Oracle Service Industries http://osi.oracle.com/~tkyte/index.html --
Opinions are mine and do not necessarily reflect those of Oracle Corp

Sent via Deja.com http://www.deja.com/
Before you buy. Received on Thu Mar 30 2000 - 15:52:25 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US