Home > Others

Special SQL Character Processing

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
If there are no restrictions on user input, special characters must be converted.
If you do not change the single quotes, a database error may occur, or even cause a system crash.
However, the avoidance method is very simple. You only need to convert single quotes ['] into two single quotes.
Example: Select * From TBL where Col = 'abc''' def ';
Fuzzy query statements do not produce SQL errors, but cannot be retrieved if they are not avoided.
The Avoidance Method is more complex than single quotes. Escape characters are required. Convert [%] to [\ %] and [_] to [\ _],
Then add [escape.
Example: Select * From TBL where Col like 'abc \ % \ _ % 'escape '\';
※The last % is a wildcard.
If you are a Japanese project, [%], [_],
These two full-width characters are also processed as half-width wildcards.
Therefore, the full-width [%] and [_] must be transformed during conversion.
Example: Select * From TBL where Col like 'abc \ % \ _ % 'escape '\';
It seems like this is over, but don't forget that there are also escape characters. In case you enter the escape characters,
An SQL error occurs during the above processing. Therefore, escape characters must be transformed. The conversion method is to convert [\] to [\].

Example: Select * From TBL where Col like 'abc \ % \ _ % 'escape '\';
The preceding operations are applicable to common data types, such as char and varchar2.
If nchar or nvarchar2 appears, the above processing will result in a ORA-01425 error.

If you change to the following syntax, A ORA-01424 error occurs.
Select * From TBL where Col like '% \ _ %' escape to_nchar ('\')
Which of the following statements is true?
Select * From TBL where Col likec '% \ _ %' escape to_nchar ('\')

The last note is that every like should write an escape statement.
Example:
Select * From TBL
Where col1 like '% \ _ %' escape '\' or col2 like '% \ _ %' escape '\'
Create Table # temp (charcater varchar (50 ))
Insert into # temp
Values
('Werwerweerwe [werwe] werwerwer ')
Insert into # temp
Values
('Werwerweerwe [zzzzzzzzzz ')
Insert into # temp
Values
('Werwerweerwe] zzzzzzzzzz ')

Select * from # temp where charcater like '%] %'
Select * from # temp where charcater like '% [] %'

If you query '[', then like should be followed by [[], and ']', then it will be written directly]

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More