this is my string
$mystring = "INSERT INTO `glpi_networkports` (`entities_id`,`is_recursive`,`items_id`,`itemtype`,`comment`,`logical_number`,`name`,`networkinterfaces_id`,`ip`,`mac`,`netmask`,`gateway`,`subnet`,`netpoints_id`)"
How can i ignore escape ?
Because it gave me string like this :
INSERT INTO glpi_networkports (entities_id,is_recursive,items_id,itemtype,comment,logical_number,
ame,
etworkinterfaces_id,ip,mac,
etmask,gateway,subnet,
etpoints_id)
Thanks
Currently your select statement is changed because you used a double quoted string and `n is expanded to a new line, turning the select to an invalid statement.
Use single quotes to maintain the backticks and disable string expansion.
use quote or double the escape char:
$mystring = "INSERT INTO 'glpi_networkports' ..."
$mystring = "INSERT INTO ``glpi_networkports`` ...
Related
$ psql -E --host=xxx --port=yyy --username=chi --dbname=C_DB -c 'DELETE FROM "Stock_Profile" WHERE "Symbol" = 'MSFT'; '
ERROR: column "msft" does not exist
LINE 1: DELETE FROM "Stock_Profile" WHERE "Symbol" = MSFT;
How do I show psql that MSFT is a string?
It does not like 'MSFT', \'MSFT\' or ''MSFT''
The problem you have is that you've run out of types of quote mark to nest; breaking apart, we have:
your shell needs to pass a single string to the psql command; this can be either single quotes or double quotes
your table name is mixed case so needs to be double quoted
your string needs to be single quoted
In the example you give:
psql -E --host=xxx --port=yyy --username=chi --dbname=C_DB -c 'DELETE FROM "Stock_Profile" WHERE "Symbol" = 'MSFT'; '
The shell sees two single-quoted strings:
'DELETE FROM "Stock_Profile" WHERE "Symbol" = '
`'; '
So the problem is not in psql, but in the shell itself.
Depending on what shell you are using, single-quoted strings probably don't accept any escapes (so \' doesn't help) but double-quoted strings probably do. You could therefore try using double-quotes on the outer query, and escaping them around the table name:
psql -E --host=xxx --port=yyy --username=chi --dbname=C_DB -c "DELETE FROM \"Stock_Profile\" WHERE \"Symbol\" = 'MSFT'; "
Now the \" won't end the string, so the shell will see this as a single string:
"DELETE FROM \"Stock_Profile\" WHERE \"Symbol\" = 'MSFT'; "
and pass it into psql with the escapes processed, resulting in the desired SQL:
DELETE FROM "Stock_Profile" WHERE "Symbol" = 'MSFT';
It's because the single quote before MSFT terminates the string as far as psql is concerned.
As #imsop points out case sensitivity is not preserved when removing double quotes from table names and column names so you can escape the double quotes with backward slash (\) when this is required.
psql -E --host=xxx --port=yyy --username=chi --dbname=C_DB -c "DELETE FROM \"Stock_Profile\" WHERE \"Symbol\" = 'MSFT';"
I am wondering how I can remove all newline characters in Redshift from a field. I tried something like this:
replace(replace(body, '\n', ' '), '\r', ' ')
and
regexp_replace(body, '[\n\r]+', ' ')
But it didn't work. Please share if you know how to do this.
Use chr(10) instead of \n
example:
select replace(CONCAT('Text 1' , chr(10), 'Text 2'), chr(10), '-') as txt
This should help
regexp_replace(column, '\r|\n', '')
To remove line breaks:
SELECT REPLACE('This line has
a line break', CHR(10), '');
This gives output: This line hasa line break. You can see more ASCII or CHR() codes here: https://www.petefreitag.com/cheatsheets/ascii-codes/
To remove special characters like \r, \n, \t
Assuming col1 has text like This line has\r\n special characters.
Using replace()
SELECT REPLACE(REPLACE(col1, '\\r', ''), '\\n', '');
We need to escape \ because backslash is special character in SQL (used to escape double quotes, etc...)
Using regexp_replace()
SELECT REGEXP_REPLACE(col1, '(\\\\r|\\\\n)', '');
We need to escape \ because it is a special character in SQL and we need to escape the resulting backslashes again because backslash is a special character in regex as well.
Both replace() and regexp_replace() gives output: This line has special characters.
Below is my Perl script
str_replace(rtrim(c_manager),'''','_'),'."\n".
throws error
str_replace(rtrim(c_manager), '''"
Bad name after _' at pl_recert_output.pl line 262.
Please help to solve this issue:
$sql = 'select rtrim(f_admin_disabled),'."\n".
' convert(varchar,t_password,101),'."\n".
' rtrim(c_email),'."\n".
' str_replace(rtrim(c_manager),'''','_'),'."\n".
' rtrim(c_mgr_email)'."\n".
' from tuserprofile'."\n".
' where ic_user1 = '."'$user_id'"."\n";
You have single quotes within your single quoted string.
Single quotes within a quote string must be escaped with \'.
However, you would be better off using the multi-line quoting syntax for cleaner code:
$sql = <<EOF;
select rtrim(f_admin_disabled),
convert(varchar,t_password,101),
rtrim(c_email),
str_replace(rtrim(c_manager),'''','_'),
rtrim(c_mgr_email)
from tuserprofile
where ic_user1 = '$user_id'
EOF
;
This has the intended result without messy escaping and string concatenation.
You need to escape the single quotes in your variable assignment:
my $user_id = 'test';
my $sql = 'select rtrim(f_admin_disabled),'."\n".
' convert(varchar,t_password,101),'."\n".
' rtrim(c_email),'."\n".
' str_replace(rtrim(c_manager),\'\'\'\',\'_\'),'."\n".
' rtrim(c_mgr_email)'."\n".
' from tuserprofile'."\n".
' where ic_user1 = '."'$user_id'"."\n";
print $sql;
results in :
select rtrim(f_admin_disabled),
convert(varchar,t_password,101),
rtrim(c_email),
str_replace(rtrim(c_manager),'''','_'),
rtrim(c_mgr_email)
from tuserprofile
where ic_user1 = 'test'
Check if that is the result you expected.
I am attempting to error trap a T-SQL variable name by making sure that the value of the variable is prefixed with a bracket "[".
Here's an example of how I am trying to do this:
DECLARE #thing nvarchar(20)
SET #thing = '[55555'
IF(#thing NOT LIKE '[' + '%') --If the value does not start with [ then add it
BEGIN
SET #thing = '[' + #thing
END
PRINT #thing
The example above PRINT's [[55555
Notice that the original value of #thing was prefixed with the bracket "[". I was expecting the IF condition would have returned false since "[55555" is LIKE '[' + '%'
Why is the IF condition not returning false? And, more importantly I suppose, what is the correct syntax to check for the existence of a string that occurs at the beginning of a variable string value?
EDIT
It appears as there is something special about the bracket "[". When I run LIKE on a bracket it doesn't do what I expect, but when I don't use a bracket the LIKE works the way I expect.
Check out these examples:
IF('[' NOT LIKE '[')
BEGIN
PRINT '[ is NOT LIKE ['
END
ELSE
BEGIN
PRINT '[ is LIKE ['
END
IF('StackO' NOT LIKE 'StackO')
BEGIN
PRINT 'STACKO is NOT LIKE StackO'
END
ELSE
BEGIN
PRINT 'STACKO is LIKE StackO'
END
Here's the output of the two conditions:
[ is NOT LIKE [
STACKO is LIKE StackO
I believe it may be because '[' is actually part of the LIKE operators syntax, as defined here: http://msdn.microsoft.com/en-us/library/ms179859.aspx
You need to define an escape character to escape the [, like this:
DECLARE #thing nvarchar(20)
SET #thing = '[55555'
IF(#thing NOT LIKE '\[%' ESCAPE '\' )
BEGIN
SET #thing = '[' + #thing
END
PRINT #thing
An alternative solution would be the following:
DECLARE #thing nvarchar(20)
SET #thing = '[55555'
IF(LEFT(#thing,1) <> '[') --If the value does not start with [ then add it
BEGIN
SET #thing = '[' + #thing
END
PRINT #thing
To get it working change your check to
IF (SUBSTRING(#thing, 1,1) != '[')
The reason why the like is not working is because [ is a special char in like. just like % is. See here
Bracket characters ([ and ]) are special wildcard characters in T-SQL. To search for those literal characters, you'll want to escape those characters (indicate that you want to search for those literal characters, rather than employing them as wildcards). Use ESCAPE to do this, like so:
DECLARE #thing nvarchar(20)
SET #thing = '[55555'
-- pick an escape character you won't see in your content
IF(#thing NOT LIKE '![' + '%' ESCAPE '!')
BEGIN
SET #thing = '[' + #thing
END
PRINT #thing
This prints [55555.
From MSDN:
You can search for character strings that include one or more of the special wildcard characters... To search for the percent sign as a character instead of as a wildcard character, the ESCAPE keyword and escape character must be provided. For example, a sample database contains a column named comment that contains the text 30%. To search for any rows that contain the string 30% anywhere in the comment column, specify a WHERE clause such as WHERE comment LIKE '%30!%%' ESCAPE '!'.
You have to escape special characters (brackets, single quotes, etc.). In this case, you could do this:
LIKE '[['
EDIT:
PS -- [ is a special character because it can be used for wildcards, like this: LIKE '[0-9]' to do pattern-matching. (In this case, the match is like a regex -- any digit between 0 and 9.
I am having a problem with mysqli_real_escape_string and single quotes.
Anytime an insert takes a value that includes a ' mysqli_real_escape_string replaces it with \' causing the insert to fail.
I do not have magic quotes enabled, which seems to be a common cause of this problem, but still find I get \' and not \' or even \\'
Can anyone tell me what might have gone wrong here?
taking this to an answer since comments are a bit limiting.
So you're generating the query like
$a = mysqli_real_escape_string(... something ...);
$b = mysqli_real_escape_string(... something else ...);
$sql = "INSERT ... VALUES ('$a', '$b')";
?
ok. so let's say this:
$a = "'"; // a is now a single quote: '
$escaped_a = mysql_real_escape_string($a); // should be \' now
$sql1 = "INSERT ... VALUES ('$a' ..."
$sql2 = "INSERT ... VALUES ('$escaped_a' ..."
you should end up with
INSERT ... vALUES (''' ...
INSERT ... VALUES ('\'' ...
The first one is "bad". because of the extra quote. The second is valid.