Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Problem with single quote character

Re: Problem with single quote character

From: DA Morgan <damorgan_at_psoug.org>
Date: Fri, 06 Oct 2006 08:58:58 -0700
Message-ID: <1160150336.179545@bubbleator.drizzle.com> 





dean wrote:

> Brian Peasland wrote:




>> Chris L. wrote:

>>> Hi,

>>>

>>> The problem: Building dynamic SQL sometimes results in statements like

>>> this:

>>>

>>> execute immediate

>>> 'update owner.customers set city=''Unknown'', country=''Cote D'Ivoire''

>>> where cust_id=37'

>>> ;

>>>

>>> This is a problem, because the quote in [Cote D'Ivoire] renders the sql

>>> statement invalid.

>>>

>>> Easily fixed, duplicating the quote as below:

>>>

>>> 'update owner.customers set city=''Unknown'', country=''Cote

>>> D''Ivoire'' where cust_id=37'

>>>

>>> My question: What other characters could "break" the sql? Maybe [:],

>>> [\], [&], [%]? Is there a complete list somewhere?

>>>

>>> Furthermore, I remember seeing on documentation an option to make other

>>> characters play the role of the single quote but no matter what I

>>> search terms I use, I can't seem to find it.

>>>

>>> Oracle 9i 9.2.0.4.0

>>>

>>> Thanks all in advance.

>>>

>> My first opinion is that coding UPDATE statements dynamically is often

>> bad coding. If you just code the UPDATE statement in a PL/SQL block and

>> put the values in variables, then you won't run into this issue.

>>

>> If you insist on using dynamic SQL in this manner, then you'll have to

>> pre-parse the values. So if you have "Cote D'Ivoire" in a variable, then

>> run it through REPLACE first to change the single quote to two single

>> quotes.

>>

>> About the only other character I can think of off the top of my head

>> that would interfere in your EXEC IMMED statement is the semicolon,

>> which is a statement terminator.

>>

>> HTH,


>> Brian

>>

>> --

>> ===================================================================

>>

>> Brian Peasland

>> dba_at_nospam.peasland.net

>> http://www.peasland.net

>>

>> Remove the "nospam." from the email address to email me.

>>

>>

>> "I can give it to you cheap, quick, and good.

>> Now pick two out of the three" - Unknown


> 
> I think underscore can have different meanings - such as wildcard
> single character, so you have to be careful with that.
> 
> Dean





They do but you can escape them. There is a demo of this in Morgan's
Library at www.psoug.org under Wildcards. Scroll down to the "Querying
Records Containing Wildcards" demo.

-- 
Daniel Morgan
University of Washington
Puget Sound Oracle Users Group


Received on Fri Oct 06 2006 - 10:58:58 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US