I have a table column(nvarchar type) which contains an entry "XYZ INT'ABC" and I am using this column in a stored procedure in the where clause. So when adding the condition in the where clause, the check should be done as below:
select * from tableName where ColumnName = 'XYZ INT''ABC';
When passing the parameter to the SP from VB.net code, the parameter is passed correctly as shown in the select query above. But the SP searches using the below query due to which I am not getting the desired output for the mentioned where clause.
select * from tableName where ColumnName = 'XYZ INT''''ABC';
Please help. Thanks in advance.
You've got some suggestions in comments already. Just some explanation:
The doubled quotes are not really part of the string
DECLARE #SomeString VARCHAR(100) = 'With one quote''!';
The string you'll find within your variable will be With one quote'!. The doubled quotes are just a syntax speciality to allow the statement parser to see, whether a quote terminates the string or not. Something like
DECLARE #SomeString VARCHAR(100) = 'With one quote'!'; --wrong!
...is wrong, because the string ends after quote and the !' is a syntax error suddenly.
You need this only in cases, where the single quote is the string marker. In VB.Net you'd have the same issue, if you want to place a double quote " within your string, but this would work in SQL like here:
DECLARE #SomeString VARCHAR(100) = 'With one double quote"!';
You must think two-folded
How do you assign a value? (depending on your IDE and statement parser)
What is the actual value stored in a variable (this will be used at run-time)
Related and more obvious example:
Very often you see code like this (assignment)
string SomeString = "Some text/nwith a line-break";
which is translated to (actual value)
Some text
with a line-break
I have a TELEPHONE_NUMBER as a varchar like this:
Value : "1112223344"
And I need to add "-" to the value like this:
111-222-33-44
So how can I add - to my telephone number value in my SQL Server stored procedure?
CREATE PROCEDURE SP_TELEPHONE_NUMBER
(#TELEPHONE_NUMBER VARCHAR(4000))
AS
BEGIN
INSERT INTO DOSYA_ARSIV(TELEPHONE_NUMBER)
VALUES(#TELEPHONE_NUMBER)
END
Just an alternative:
select SUBSTRING('1112223344',1,3)+'-'+
SUBSTRING('1112223344',4,3)+'-'+
SUBSTRING('1112223344',7,2)+'-'+
SUBSTRING('1112223344',9,2)
In your case:
CREATE PROCEDURE SP_TELEPHONE_NUMBER
(#TELEPHONE_NUMBER VARCHAR(4000))
AS
BEGIN
INSERT INTO DOSYA_ARSIV(TELEPHONE_NUMBER)
VALUES
(
SUBSTRING(#TELEPHONE_NUMBER,1,3)+'-'+
SUBSTRING(#TELEPHONE_NUMBER,4,3)+'-'+
SUBSTRING(#TELEPHONE_NUMBER,7,2)+'-'+
SUBSTRING(#TELEPHONE_NUMBER,9,2)
)
END
As noobob has mentioned in his comment, you may have this as an INT type (INT,BIGINT or something similar) and just handle the way it is displayed in the front end. For instance in C# you would have it as:
TELEPHONE_NUMBER.ToString("###-###-##-##");
Another comment would be that defining the expected argument as VARCHAR(4000) is way too much. Though it might not be very bad, it is a good point to define arguments or variables as close to expected input as you can. In your case i would say that something like VARCHAR(30) would be enough.
Use STUFF function in the MS SQL server
SET #TELEPHONE_NUMBER=STUFF(STUFF(STUFF(#TELEPHONE_NUMBER,4,0,'-'),8,0,'-'),11,0,'-')
I have a varchar variable been defined like this.
declare #IDs varchar(50)
set #IDs ='111,123,567,'
Now I need to extract the last value in the list always 567.
The values in #IDs can be like this also
set #IDs ='56,'
In this case we need extract only the value 56.
How can we do it?
i think you will find this user defined function to split the string helpful:
http://www.codeproject.com/Articles/7938/SQL-User-Defined-Function-to-Parse-a-Delimited-Str
You can use the string splitter found here: http://www.sqlservercentral.com/articles/Tally+Table/72993/
It is very fast, you can call it like so:
SELECT *
FROM dbo.DelimitedSplit8K(#IDs,',')
This will return you a result set of all the values in the string.
I want to ask:
len(someTextField)
ltrim(someTextField)
which doesn't work, as the above functions apparently only work with string but not text
Any alternative ways to perform the same?
Use varchar(max) not text since SQL Server 2005+
If you are stuck with text or ntext, you can use DATALENGTH to replace LEN. There are differences with it (no implied RTRIM, measures bytes not characters) but your options are limited.
There is no LTRIM equivalent for the old datatypes
You can CAST the columns though:
CREATE TABLE dbo.Typetest (OldCol text NULL)
GO
INSERT dbo.TypeTest (OldCol) VALUES ('abcdefg')
INSERT dbo.TypeTest (OldCol) VALUES ('abcdefghijklm')
GO
SELECT LEN(CAST(OldCol AS varchar(max))), LTRIM(CAST(OldCol AS varchar(max))) FROM dbo.Typetest
GO
DROP TABLE dbo.Typetest
GO
I have this function in SQL Server to replace single quotes.
But when I insert a single quote it throws an error on Replace(#strip,''','')):
Create Function [dbo].[fn_stripsingleQuote]
(#strStrip varchar(Max))
returns varchar
as
begin
declare #CleanString varchar(Max)
SET #var=(Replace(#strip,'',''))
return #var
end
You need to double up your single quotes as follows:
REPLACE(#strip, '''', '')
Try REPLACE(#strip,'''','')
SQL uses two quotes to represent one in a string.
If you really must completely strip out the single quotes you can do this:
Replace(#strip, '''', '')
However, ordinarily you'd replace ' with '' and this will make SQL Server happy when querying the database. The trick with any of the built-in SQL functions (like replace) is that they too require you to double up your single quotes.
So to replace ' with '' in code you'd do this:
Replace(#strip, '''', '''''')
Of course... in some situations you can avoid having to do this entirely if you use parameters when querying the database. Say you're querying the database from a .NET application, then you'd use the SqlParameter class to feed the SqlCommand parameters for the query and all of this single quote business will be taken care of automatically. This is usually the preferred method as SQL parameters will also help prevent SQL injection attacks.
You could use char(39)
insert into my_table values('hi, my name'+char(39)+'s tim.')
Or in this case:
Replace(#strip,char(39),'')
Looks like you're trying to duplicate the QUOTENAME functionality. This built-in function can be used to add delimiters and properly escape delimiters inside strings and recognizes both single ' and double " quotes as delimiters, as well as brackets [ and ].
Try escaping the single quote with a single quote:
Replace(#strip, '''', '')
We have to double the number of quotes.
To replace single quote :
REPLACE(#strip, '''', '')
To replace double quotes :
REPLACE(#strip, '''''', '')
If escaping your single quote with another single quote isn't working for you (like it didn't for one of my recent REPLACE() queries), you can use SET QUOTED_IDENTIFIER OFF before your query, then SET QUOTED_IDENTIFIER ON after.
For example
SET QUOTED_IDENTIFIER OFF;
UPDATE TABLE SET NAME = REPLACE(NAME, "'S", "S");
SET QUOTED_IDENTIFIER OFF;
I ran into a strange anomaly that would apply here. Using Google API and getting the reply in XML format, it was failing to convert to XML data type because of single quotes.
Replace(#Strip ,'''','')
was not working because the single quote was ascii character 146 instead of 39.
So I used:
Replace(#Strip, char(146), '')
which also works for regular single quotes char(39) and any other special character.
Try this :
select replace (colname, char(39)+char(39), '') AS colname FROM .[dbo].[Db Name];
I have achieved the desired result.
Example : Input value --> Like '%Pat') '' OR
Want Output --> *Like '%Pat') OR*
using above query achieved the desired result.
The striping/replacement/scaping of single quotes from user input (input sanitation), has to be done before the SQL statement reaches the database.
Besides needing to escape the quote (by using double quotes), you've also confused the names of variables: You're using #var and #strip, instead of #CleanString and #strStrip...
I think this is the shortest SQL statement for that:
CREATE FUNCTION [dbo].[fn_stripsingleQuote] (#strStrip varchar(Max))
RETURNS varchar(Max)
AS
BEGIN
RETURN (Replace(#strStrip ,'''',''))
END
I hope this helps!
select replace ( colname, '''', '') AS colname FROM .[dbo].[Db Name]