i want to insert default value in database table
and i am using and put text string below:
INSERT INTO song_text VALUES(1,'Tell me girl, what's it gonna be I
want you, baby do you want me You got me going insane, I'm losing my
mind Is your love true, or am I wasting my time',1);
but it is giving exception:
12-02 14:11:37.860: ERROR/Database(568): Failure 1 (near "s": syntax
error) on 0x247be8 when preparing 'INSERT INTO song_text
VALUES(2,'Tell me girl, what's it gonna be
please give any solution..
thanks
You have to escape the apostrophes:
INSERT INTO song_text VALUES(1,'Tell me girl, what\'s it gonna be I want you, baby do you want me You got me going insane, I\'m losing my mind Is your love true, or am I wasting my time',1);
You should escape characters for your String, since for what's, it understands you have finished your String. Thus you should use: what\'s.
To be generic, you can use a method to replace all ' to \'. For example you may use:
private String convertString(String x) {
return x = x.replace("'","\'");
}
Hope this helps!
Related
While I was trying the following SQL command , I got sql error.
INSERT INTO exampleTbl VALUES('he doesn't work for me')
where doesn't contain the apostrophe.
What is the way to insert text having ' (apostrophe) into a SQL table.
In SQL, the way to do this is to double the apostrophe:
'he doesn''t work for me'
However, if you are doing this programmatically, you should use an API that accepts parameters and escapes them for you automatically. Programmatically escaping and using string concatenation to assemble a query yourself is a sure way to end up with SQL injection vulnerabilities.
INSERT INTO exampleTbl VALUES('he doesn''t work for me')
If you're adding a record through ASP.NET, you can use the SqlParameter object to pass in values so you don't have to worry about the apostrophe's that users enter in.
$value = "he doesn't work for me";
$new_value = str_replace("'", "''", "$value"); // it looks like " ' " , " ' ' "
INSERT INTO exampleTbl (`column`) VALUES('$new_value')
try this
INSERT INTO exampleTbl VALUES('he doesn''t work for me')
insert into table1 values("sunil''s book",123,99382932938);
use double apostrophe inside of single apostrophe,
it will work
I know the question is aimed at the direct escaping of the apostrophe character but I assume that usually this is going to be triggered by some sort of program providing the input.
What I have done universally in the scripts and programs I have worked with is to substitute it with a ` character when processing the formatting of the text being input.
Now I know that in some cases, the backtick character may in fact be part of what you might be trying to save (such as on a forum like this) but if you're simply saving text input from users it's a possible solution.
Going into the SQL database
$newval=~s/\'/`/g;
Then, when coming back out for display, filtered again like this:
$showval=~s/`/\'/g;
This example was when PERL/CGI is being used but it can apply to PHP and other bases as well. I have found it works well because I think it helps prevent possible injection attempts, because all ' are removed prior to attempting an insertion of a record.
yes, sql server doesn't allow to insert single quote in table field due to the sql injection attack. so we must replace single appostrophe by double while saving.
(he doesn't work for me) must be => (he doesn''t work for me)
you can use backslash '\' if you want to display a single quote in your text.
INSERT INTO exampleTbl VALUES('He doesn(\')t') ;
I am currently working on android application that can track income/outcome of a budget. In one of my database is named Transaction consist of:
Amount
Type (income/outcome)
Date
since this is my first application I'm not really confident with my code, especially in the database. And now I'm making a trigger that can calculate percentage of outcome in a month. Can you check it,if my code is right or not, or not efficient. Here is tiny part of my Trigger code.
In my code I want to calculate percentage of total outcome from the first of a month until the current date .
"CREATE TRIGGER Calc"+
"AFTER INSERT"+
"ON" +transaction+
"FOR EACH ROW" +
"WHEN (SELET * FROM amount.transaction
WHERE (strftime ('%d','now') - strftime('%d','start of month'))
HAVING SUM(amount.transaction WHERE type.transaction IS "outcome") /SUM(amount.transaction WHERE type.transaction IS "income") * 0.01 )"
is it select * from amount.transaction needed? so the code can be much simpler?
0.01 there is 100%
sorry its so messed up since I'm just start in making android and I'm not really well with database. If you have any suggestion please tell me.
Thanks before
I agree with commentors, I don't think you need to use triggers ahead of on-the-fly SELECT statements.
You do need to know that quotations " are literal and when concatenating strings, you need to manually add spaces.
I have a database that has numbers such as '05' & '5', and there are instances where I need to check if they are the same. I'm trying to normalize them when saving them. Can anyone help me in trying to either remove the '0' or add a '0' so I can get a accurately check if they are same?
I think you can compare the integer values of the both.
Integer.valueOf(05)
Integer.valueOf(5)
If you want to remove the 0 in front of 01,02 from a string, you can use a regular expression replaceAll() with the start character ^
string.replaceAll("^0","");
For multiple 0s, you can use *:
string.replaceAll("^0*","");
On the other hand, you can do the following if you want to check if it doesn't contain 0:
if(!string.contains("0"))
Then if you want you can add a 0 before storing into the database:
string.replaceAll("^","0")
You can use Integer.valueOf(String) method
Integer.valueOf('05') = 5 and Integer.valueOf('5') = 5
then you can check your data using this method:
but if you want to do this in sqlite query this is not usefull.
so, before adding them into your db you can do a replace, it's better than adding a zero.
String number_to_add = string.replaceAll("^0*","");
and then insert this into your db ;)
I trying to connect my Android application to a database on remote host.
I want to use the records of the DB, but there's a problem when i try to do this:
if(buffer.toString()=="OPEN")
{
button_signal.setText("OPEN");
}
else
{
button_signal.setText("CLOSE");
}
I have checked buffer.toString() using Logs, and it is equal to "OPEN", but the button_signal's text is printed "CLOSE". Why? Can you help me?
It might have some invisible characters or some letters might be in different case, so please try this:
buffer.toString().trim().equalsIgnoreCase("OPEN");
You can't compare String with the "==" Operator in Java. A String is an Object.
Try this buffer.toString().equals("OPEN");
EDIT:
Even better is if you compare it like this: "OPEN".equals(buffer.toString())
Because it won't throw an exception if buffer is null.
My query is
dbAdapter.selectRecordsFromDB("OmniaDB",new String[]{"imsi","type","msg","length","dt_gen","dt_send"},"type"+"="+"call"+"AND"+"dt_send"+"="+"null",null,null,null,"dt_gen");
Thrown exception is
android.database.sqlite.SQLiteException: no such column: callANDdt_send: , while compiling: SELECT imsi, type, msg, length, dt_gen, dt_send FROM OmniaDB WHERE type=callANDdt_send=null ORDER BY dt_gen
You're missing a ton of spaces in "type"+"="+"call"+"AND"+"dt_send"+"="+"null", should be "type='call' AND dt_send=null". Why are you even using concatenation when it should be a giant string? Anyway, there might be something else wrong after you fix that, though, since I have no clue what your data looks like.
"type"+"="+"call"+"AND"+"dt_send"+"="+"null"
None of this makes sense. Getting rid of the unnecessary concatenations leaves
"type = call AND dt_send = null"
which is invalid SQL. You're not quoting properly for the string call, and you can't compare NULL for equality with anything (including NULL).
This is more likely what you should be using:
"type = 'call' AND dt_send IS NULL"
There are probably other problems with the mess you posted, but this should solve at least one of them. (For instance, type may be a reserved word in SQLite; I'm not sure.)