tags:

views:

34

answers:

2
Q: 

Using comma with an update sentence

I want to update a row which has some html tags inside. For instance 

 src='/imagem.png'></ p></ body>

> UPDATE ISTANBUL_TABLE  SET TEXT = '<
> body>< p>< img src='/imagem.png '></
> p></ body>'  WHERE  1=1

you see after src=' means the query ends, but it does not end. how can i solve it without using " (double comma). any solution please?

best regards bk

+4  A: 

You need to escape the single-quotes, by typing them twice:

UPDATE ISTANBUL_TABLE SET TEXT = '<  body>< p>< img src=''/imagem.png ''>' WHERE 1=1

Also, your WHERE clause is nonsensical and can be dropped entirely

UPDATE ISTANBUL_TABLE SET TEXT = '<body><p><img src=''/imagem.png''>'
David Hedlund  2009-12-07 14:44:33
double single-quotes is ok then?I mean where clause still has meaning after using twice single-quotes.
blgnklc  2009-12-07 14:49:41
Not crazy about typing extra quotes -- it would be hard to spot an error. But I totally agree that the WHERE clause is not needed.
DOK  2009-12-07 14:51:24
yeah you are right. but i will need the where clause for different cases of next operations
blgnklc  2009-12-07 14:52:52
Yes, doubling single quotes is just escaping them so that they don't close the string. One of the (number of) reasons why it's neater to use parameterised SQL instead of adhoc generated like this as you don't need to worry about escaping like this
AdaTheDev  2009-12-07 14:54:05
+1  A: 

Use parameterised SQL:

UPDATE ISTANBUL_TABLE SET TEXT = @HTML WHERE...

Then from your calling code, you just pass in the @HTML parameter and don't need to double up the single quotes.

AdaTheDev  2009-12-07 14:48:22
the operation will be handled on sql management studio
blgnklc  2009-12-07 14:53:49

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP