Using SQL Server 2014.
I have a field that contains a string that contains a full file path i.e.
\\Server\Folder1\Folder2\Folder3\File21.csv
I only want what is after the last backslash i.e.
File21.csv
So in the world of SQL I would use:
Select RIGHT([FileName],charindex('\',reverse([FileName]),1)-1) as FileNameNew from mytable
However, how do I do this in a Derived Column in SSIS? There is no CHARINDEX so you have to use FINDSTRING. This is my expression:
RIGHT( [FileName] , FINDSTRING('\', REVERSE( [FileName] ) ,1) -1)
But it is not working, it keeps saying the single quotation mark was not expected. I've also tried double quotes to no avail.
I think you have your parameters backwards. FINDSTRING() wants the thing you're searching first, then the thing you're searching for. And you will need double quotes and an escaped backslash. This should work:
RIGHT( [FileName] , FINDSTRING(REVERSE( [FileName] ), "\\" ,1) -1)
Even if this can be done using RIGHT() or SUBSTRING() functions. I prefer using TOKEN and TOKENCOUNT() function to do that:
TOKEN([File Name],"\\",TOKENCOUNT([File Name],"\\"))
Example:
TOKEN("\\\\Server\\Folder1\\Folder2\\Folder3\\File21.csv","\\",TOKENCOUNT("\\\\Server\\Folder1\\Folder2\\Folder3\\File21.csv","\\"))
Result:
File21.csv
Related
Using the FOR XML PATH structure to create a list of values,
I find that (annoyingly) it always adds a trailing space to selected values.
This ruins my attempts at providing my own delimiters - the trailing space is added after the column and delimiters have been concatenated.
For example:
SELECT country + '-' FROM countryTable...
results in the following string:
china- france- england-
Has anyone else seen this, and is there a way to stop it?
I don't think TRIM() will work, as that would be applied before the extra space is inserted...
I'm using SQL Server 2016.
Thanks
Ok, thanks to John C and his sample query I found the culprit.
I had a AS [data()] clause after the column name/delimiter.
Removing that removed the trailing space.
I don't know how/why but it did...
I suspect the data inside the country column, What if each value in Country column is having leading space. For XML PATH does not add any space to the data
Try this
SELECT RTRIM(LTRIM(country)) + '-' FROM countryTable...
You may have leading/trailing spaces and/or CRLFs. Perhaps this will help
Declare #countryTable table (country varchar(100))
Insert Into #countryTable values
(' china'), -- leading space
(char(13)+'france'), -- leading char(13)
(char(10)+'england') -- leading char(10)
Select Value=Stuff((Select Distinct '-' + ltrim(rtrim(replace(replace(country,char(13),''),char(10),'')))
From #countryTable
Where 1=1
For XML Path ('')),1,1,'')
Returns
Value
china-england-france
FOR XML PATH ... AS [data()] add to this from MS Help
If the path specified as column name is data(), the value is treated as an atomic value in the generated XML. A space character is added to the XML if the next item in the serialization is also an atomic value. This is useful when you are creating list typed element and attribute values.
When you write here ... AS something. Then something is used as open/closing markup tag for each selected value.
Add 2. Is possible concate in select clausule more fileds from each row. For other types than string type, value must be converted into string type CAST AS
So I need to insert some values into a vertica database (via vsql), which may contain quotes and all sorts of special characters. But vertica does not seem to understand character escaping. For example:
rpt=> select "asdasda\"asdasdad" from some_table limit 1;
rpt"> ";
ERROR: syntax error at or near "" from some_table limit 1;
"" at character 26
LINE 1: select "asdasda\"asdasdad" from some_table limit 1;
This is not the insert statement, but you should get the idea.
Well, first off I should have used single quotes. Escape sequences used to work in earlier versions (before 4.0 I believe), but now they are off by default. If you do not want to tweak database config parameters you have two options.
Use E' syntax:
select E'somethin\' here' from v_catalog.dual_p;
Or double the quotes that need to be escaped:
select 'somethin'' here' from v_catalog.dual_p;
I want to use quotation with escape character. How can I do to avoid the following error when one has a special character?
Unclosed quotation mark after the character string.
You can escape quotation like this:
select 'it''s escaped'
result will be
it's escaped
To escape ' you simly need to put another before: ''
As the second answer shows it's possible to escape single quote like this:
select 'it''s escaped'
result will be
it's escaped
If you're concatenating SQL into a VARCHAR to execute (i.e. dynamic SQL), then I'd recommend parameterising the SQL. This has the benefit of helping guard against SQL injection plus means you don't have to worry about escaping quotes like this (which you do by doubling up the quotes).
e.g. instead of doing
DECLARE #SQL NVARCHAR(1000)
SET #SQL = 'SELECT * FROM MyTable WHERE Field1 = ''AAA'''
EXECUTE(#SQL)
try this:
DECLARE #SQL NVARCHAR(1000)
SET #SQL = 'SELECT * FROM MyTable WHERE Field1 = #Field1'
EXECUTE sp_executesql #SQL, N'#Field1 VARCHAR(10)', 'AAA'
You can define your escape character, but you can only use it with a LIKE clause.
Example:
SELECT columns FROM table
WHERE column LIKE '%\%%' ESCAPE '\'
Here it will search for % in whole string and this is how one can use ESCAPE identifier in SQL Server.
You need to just replace ' with '' inside your string
SELECT colA, colB, colC
FROM tableD
WHERE colA = 'John''s Mobile'
You can also use REPLACE(#name, '''', '''''') if generating the SQL dynamically
If you want to escape inside a like statement then you need to use the ESCAPE syntax
It's also worth mentioning that you're leaving yourself open to SQL injection attacks if you don't consider it. More info at Google or: http://it.toolbox.com/wiki/index.php/How_do_I_escape_single_quotes_in_SQL_queries%3F
Escaping quotes in MSSQL is done by a double quote, so a '' or a "" will produce one escaped ' and ", respectively.
If you want to escape user input in a variable you can do like below within SQL
Set #userinput = replace(#userinput,'''','''''')
The #userinput will be now escaped with an extra single quote for every occurance of a quote
WHERE username LIKE '%[_]d'; -- #Lasse solution
WHERE username LIKE '%$_d' ESCAPE '$';
WHERE username LIKE '%^_d' ESCAPE '^';
FROM:
SQL Server Escape an Underscore
You could use the **\** character before the value you want to escape e.g
insert into msglog(recipient) values('Mr. O\'riely')
select * from msglog where recipient = 'Mr. O\'riely'
To keep the code easy to read, you can use square brackets [] to quote the string containing ' or vice versa .
I have this function in SQL Server to replace single quotes.
But when I insert a single quote it throws an error on Replace(#strip,''','')):
Create Function [dbo].[fn_stripsingleQuote]
(#strStrip varchar(Max))
returns varchar
as
begin
declare #CleanString varchar(Max)
SET #var=(Replace(#strip,'',''))
return #var
end
You need to double up your single quotes as follows:
REPLACE(#strip, '''', '')
Try REPLACE(#strip,'''','')
SQL uses two quotes to represent one in a string.
If you really must completely strip out the single quotes you can do this:
Replace(#strip, '''', '')
However, ordinarily you'd replace ' with '' and this will make SQL Server happy when querying the database. The trick with any of the built-in SQL functions (like replace) is that they too require you to double up your single quotes.
So to replace ' with '' in code you'd do this:
Replace(#strip, '''', '''''')
Of course... in some situations you can avoid having to do this entirely if you use parameters when querying the database. Say you're querying the database from a .NET application, then you'd use the SqlParameter class to feed the SqlCommand parameters for the query and all of this single quote business will be taken care of automatically. This is usually the preferred method as SQL parameters will also help prevent SQL injection attacks.
You could use char(39)
insert into my_table values('hi, my name'+char(39)+'s tim.')
Or in this case:
Replace(#strip,char(39),'')
Looks like you're trying to duplicate the QUOTENAME functionality. This built-in function can be used to add delimiters and properly escape delimiters inside strings and recognizes both single ' and double " quotes as delimiters, as well as brackets [ and ].
Try escaping the single quote with a single quote:
Replace(#strip, '''', '')
We have to double the number of quotes.
To replace single quote :
REPLACE(#strip, '''', '')
To replace double quotes :
REPLACE(#strip, '''''', '')
If escaping your single quote with another single quote isn't working for you (like it didn't for one of my recent REPLACE() queries), you can use SET QUOTED_IDENTIFIER OFF before your query, then SET QUOTED_IDENTIFIER ON after.
For example
SET QUOTED_IDENTIFIER OFF;
UPDATE TABLE SET NAME = REPLACE(NAME, "'S", "S");
SET QUOTED_IDENTIFIER OFF;
I ran into a strange anomaly that would apply here. Using Google API and getting the reply in XML format, it was failing to convert to XML data type because of single quotes.
Replace(#Strip ,'''','')
was not working because the single quote was ascii character 146 instead of 39.
So I used:
Replace(#Strip, char(146), '')
which also works for regular single quotes char(39) and any other special character.
Try this :
select replace (colname, char(39)+char(39), '') AS colname FROM .[dbo].[Db Name];
I have achieved the desired result.
Example : Input value --> Like '%Pat') '' OR
Want Output --> *Like '%Pat') OR*
using above query achieved the desired result.
The striping/replacement/scaping of single quotes from user input (input sanitation), has to be done before the SQL statement reaches the database.
Besides needing to escape the quote (by using double quotes), you've also confused the names of variables: You're using #var and #strip, instead of #CleanString and #strStrip...
I think this is the shortest SQL statement for that:
CREATE FUNCTION [dbo].[fn_stripsingleQuote] (#strStrip varchar(Max))
RETURNS varchar(Max)
AS
BEGIN
RETURN (Replace(#strStrip ,'''',''))
END
I hope this helps!
select replace ( colname, '''', '') AS colname FROM .[dbo].[Db Name]
How do I escape a string in SQL Server's stored procedure so that it is safe to use in LIKE expression.
Suppose I have an NVARCHAR variable like so:
declare #myString NVARCHAR(100);
And I want to use it in a LIKE expression:
... WHERE ... LIKE '%' + #myString + '%';
How do I escape the string (more specifically, characters that are meaningful to LIKE pattern matching, e.g. % or ?) in T-SQL, so that it is safe to use in this manner?
For example, given:
#myString = 'aa%bb'
I want:
WHERE ... LIKE '%' + #somehowEscapedMyString + '%'
to match 'aa%bb', 'caa%bbc' but not 'aaxbb' or 'caaxbb'.
To escape special characters in a LIKE expression you prefix them with an escape character. You get to choose which escape char to use with the ESCAPE keyword. (MSDN Ref)
For example this escapes the % symbol, using \ as the escape char:
select * from table where myfield like '%15\% off%' ESCAPE '\'
If you don't know what characters will be in your string, and you don't want to treat them as wildcards, you can prefix all wildcard characters with an escape char, eg:
set #myString = replace(
replace(
replace(
replace( #myString
, '\', '\\' )
, '%', '\%' )
, '_', '\_' )
, '[', '\[' )
(Note that you have to escape your escape char too, and make sure that's the inner replace so you don't escape the ones added from the other replace statements). Then you can use something like this:
select * from table where myfield like '%' + #myString + '%' ESCAPE '\'
Also remember to allocate more space for your #myString variable as it will become longer with the string replacement.
Had a similar problem (using NHibernate, so the ESCAPE keyword would have been very difficult) and solved it using the bracket characters. So your sample would become
WHERE ... LIKE '%aa[%]bb%'
If you need proof:
create table test (field nvarchar(100))
go
insert test values ('abcdef%hijklm')
insert test values ('abcdefghijklm')
go
select * from test where field like 'abcdef[%]hijklm'
go
Rather than escaping all characters in a string that have particular significance in the pattern syntax given that you are using a leading wildcard in the pattern it is quicker and easier just to do.
SELECT *
FROM YourTable
WHERE CHARINDEX(#myString , YourColumn) > 0
In cases where you are not using a leading wildcard the approach above should be avoided however as it cannot use an index on YourColumn.
Additionally in cases where the optimum execution plan will vary according to the number of matching rows the estimates may be better when using LIKE with the square bracket escaping syntax when compared to both CHARINDEX and the ESCAPE keyword.
You specify the escape character. Documentation here:
http://msdn.microsoft.com/en-us/library/ms179859.aspx
Do you want to look for strings that include an escape character? For instance you want this:
select * from table where myfield like '%10%%'.
Where you want to search for all fields with 10%? If that is the case then you may use the ESCAPE clause to specify an escape character and escape the wildcard character.
select * from table where myfield like '%10!%%' ESCAPE '!'
Alternative escaping syntax:
LIKE Wildcard Literals
The JDBC driver supports the {escape 'escape character'} syntax for using LIKE clause wildcards as literals.
SELECT *
FROM tab
WHERE col LIKE 'a\_c' {escape '\'};
db<>fiddle demo