Reputation: 345
Error while inserting data having single quotes between it
I have an application that is saving clob data into database. Suppose when I put some text into textbox and then click save. It will call a procedure that will insert this text (clob) into database table.
Suppose I have the following text:
Hi i am gaurav's soni's
Now my procedure take this clob data as:
insert into rtf_clob(1,'Hi i am gaurav's soni's');
This however throws an error.
How to handle this single quote in dynamic data coming from front end?
I'm using oracle as RDBMS.
Upvotes: 0
Views: 3191
Answers (2)
Reputation: 231861
You should not be writing code to escape the string. The fact that you need to escape the string implies that you are doing something wrong.
If you are using bind variables in your INSERT statement, there will be no need to escape the string when there is a stray single quote. There will also be no need to try to identify SQL injection attacks in the string which is a huge security issue if you're not using bind variables. And you won't be forcing Oracle to parse the query every time it is executed which is critical to system performance.
If the procedure you're talking about is written in PL/SQL, it will use bind variables automatically. Guessing at the column names and assuming that you're using a sequence to generate your primary key, you'd have something like this
CREATE PROCEDURE insert_rtf_clob( p_clob IN NOCOPY CLOB )
AS
BEGIN
INSERT INTO rtf_clob( rtf_clob_id, rtf_clob_value )
VALUES( seq_rtf_clob_id.nextval, p_clob );
END;
Other front-end languages will have different approaches to using bind variables. If you're writing Java using JDBC, for example, you'd create a PreparedStatement and then then call appropriate setXXX methods, i.e.
PreparedStatement stmt = conn.prepareStatement( "INSERT INTO rtf_clob VALUES( ?, ? )" );
stmt.setInt( 1, 1 ); // Set column 1 to a value of 1
stmt.setString( 2, someStringVariable ); // Set column 2 to someStringVariable
stmt.executeUpdate();
Upvotes: 3
Reputation: 3951
Double the ': insert into rtf_clob(1,'Hi i am gaurav''s soni''s');
Upvotes: 1
Related Questions
- Inserting a string with double quotes into a table
- Semicolon and Single Quote Issue in SQL Insert Statements
- ORA-01756: quoted string not properly terminated when I try to execute my code
- Insert a column with single quote or Apostrophe in Oracle
- How to insert a value with embedded single quotes in Oracle
- Escaping single quote in PLSQL
- pl/sql quotes exception
- PHP and Oracle - Getting ’ rather than single quote with insert
- Insert Query Error (Invalid Character)
- Oracle 10g - Escape quote in insert statement