- Remove From My Forums
-
Question
-
Hi,
I am getting the error «Unclosed quotation mark after the character string ‘)» with this code:
Code Snippet
cmd = New SqlCommand(«INSERT INTO PRODUCT VALUES (‘» & Me.TextBox1.Text & _
«‘,'» & Me.TextBox2.Text & «‘,'» & Me.TextBox3.Text & «‘,'» & Me.ComboBox.Text & _
«‘,'» & Me.TextBox4.Text & «‘»»)», conn)Do anyone know what’s going wrong around Me.TextBox4.Text. Thanks.
Answers
-
That’s because Micah’s Suggestions contains a single quote — to clean it up, replace single quotes with two single quotes…it’ll run fine if you do:
Code Snippet
cmd = New SqlCommand(«INSERT INTO PRODUCT VALUES (‘» & Replace(Me.TextBox1.Text, «‘», «»») & _
«‘,'» & Replace(Me.TextBox2.Text, «‘», «»») & «‘,'» & Replace(Me.TextBox3.Text, «‘», «»») & «‘,'» & Replace(Me.ComboBox.Text, «‘», «»») & _
«‘,'» & Replace(Me.TextBox4.Text, «‘», «»») & «‘)», conn)BTW — you’re better off using SQL Parameters when you are passing user input values into a statement. As it stands (before you apply the Replace edits I mentioned above), what do you think would happen if somebody entered the following into TextBox1:
Blah’, », », », »); DROP TABLE PRODUCT; —
You would get….
INSERT INTO PRODUCT VALUES(‘Blah’, », », », »); DROP TABLE PRODUCT; — (the rest of your command).
Syntax might be off by a bit (I’m not a hacker by trade!), but you get the idea. SQLParameters make sure that the data passed in is treated as such, not as executable code. Of course, the user you are accessing SQL Server with should never have access to DROP the PRODUCT table, but it’s good to cover your bases on all accounts.
Trying to insert a lot of records from a MySQL database into SQL Server(2005 SQLExpress) database. Here’s the query and the error from PHP. I am not understanding it. All opening strings are closed properly but still..
INSERT INTO tbl_email (uniq_id, Respondent_ID, Bcode, BID, Email, Voornaam, Voorletters, Tussenvoegsel, Achternaam, Geslacht, Adres, Huisnummer, Toevoeging, Postcodecijfers, Postcodeletters, Woonplaats, Land, Telefoon1, Mobiel, Telefoon2, Matchkey, Profile, Geboortejaar, Geboortedatum, Leefsituatie, Gezinsgrootte, Inkomen, Beroep, Opleiding, Huis, Huisjaar, Huistype, Tuin, Auto, Beleggen, Kopenopafstand, Financien, Respondenttype, Charitype, Chari, Postcode, Huisdier, EV2, EV3, EV4, EV5, EV6, EV7, EV8, EV9, Aanmaakdatum, fk_ID_projectreactie, status_subscribed, unsubscribeddate, insertdatetime, editdatetime, to_delete) VALUES (6, "41", "288", "53", "test@hotmail.com", "a", "M", "", "0", "2", "0", "176", "", "5652", "EP", "a", "", "", "0", "0", "0", "", "0", "", "2", "2", "", "4", "4", "1", "2006", "", "", "", "1", "1", "", "3", "", "", "a", "1", "", "", "", "", "", "", "", "", "a", 0, 0, Null, Null, Null, 1)
Warning: mssql_query() [function.mssql-query]: message: Unclosed quotation mark after the character string ''. (severity 15) in crn_export_mssql.php on line 94
What could be the problem. I ran this query singly through SQL Server management console and it accepted and inserted. I even ran this query in another PHP file and data was inserted. However, when I do it in a PHP loop then this problem., The code snippet is,
while(//get rows from mysql)
{ //create query on runtime
$query = $strInsertDump . '('.implode(', ', $arrInsertField).')';
$result = mssql_query($query, $mslink);
}
Edit:
I used PDO now and here’s what the errorInfo returns.
Array
(
[0] => HY000
[1] => 20018
[2] => Incorrect syntax near ''. [20018] (severity 5) [(null)]
[3] => -1
[4] => 5
[5] => OpenClient
)
- Remove From My Forums
-
Вопрос
-
How do I overcome the following error message
Msg 102, Level 15, State 1, Line 4
Incorrect syntax near ‘ll’.
Msg 105, Level 15, State 1, Line 6
Unclosed quotation mark after the character string ».It occurs because the query is trying to store the following text which contains a quotation mark,how do i over come this
this is the query
SET @Query =
‘UPDATE MyTable
SET doses’+ CONVERT(VARCHAR,@Counter)+’=»’+ RTRIM(LTRIM(@Clinic))+»’,
doses_date’+CONVERT(VARCHAR,@Counter)+’=»’+ RTRIM(LTRIM(@appt))+»’,
dose’+CONVERT(VARCHAR,@Counter)+’=»’+ RTRIM(LTRIM(@text))+»’
WHERE left(unitno,7) = »’+left(@patientid,7)+»»
—
EXECUTE (@Query)
print @Query
…..dose4=’SPOKEN TO John Smith, he’ll have a look on it.’-
Изменено
25 ноября 2013 г. 12:29
-
Изменено
Ответы
-
Try the below:
SET @Query = 'UPDATE MyTable SET doses'+ CONVERT(VARCHAR,@Counter)+' = '''+ RTRIM(LTRIM(Replace(@Clinic,'''','''''')))+''', doses_date'+CONVERT(VARCHAR,@Counter)+' = '''+ RTRIM(LTRIM(Replace(@appt,'''','''''')))+''', dose'+CONVERT(VARCHAR,@Counter)+' = '''+ RTRIM(LTRIM(Replace(@text,'''','''''')))+''' WHERE left(unitno,7) = '''+left(@patientid,7)+'''' -- EXECUTE (@Query) print @Query
-
Помечено в качестве ответа
Sam233
25 ноября 2013 г. 13:40
-
Помечено в качестве ответа
The following error “Unclosed quotation mark after the character string…” occurs when you miss a quotation mark.
When the single quote is used once, and to close statement SQL Server is expecting for another one single quote. In some reason, a user can forget to do it. For example:
BACKUP DATABASE Adventureworks TO DISK = 'diff.bak
In this case, SQL Server will send the following error message:
Msg 105, Level 15, State 1, Line 1 Unclosed quotation mark after the character string 'diff.bak'.
Also, assume that the statement has been copied from MS Word document or website to SSMS and the “Unclosed quotation mark after the character string…” error appears. This happened because a single quote in MS Word or website ( ‘ ) is different from the single quote in SSMS ( ‘ ).
To fix this error just put another one single quote in the beginning or in the end of the statement where it needed:
BACKUP DATABASE Adventureworks TO DISK = 'diff.bak'
You’re missing the end quote, this should get you there.
WHILE (@7DaysEarlierPartitionIntegerId <= @CurrentPartitionIntegerId)
BEGIN
Set @7DaysEarlierPartitionId
= CAST(@7DaysEarlierPartitionIntegerId AS char)
set @sqlCommand
= 'Select * from '
+ quotename(@RequestUsage_Partition + @7DaysEarlierPartitionId)
+ 'where UserLogin like ''r2rohit.kharade'''
exec(@sqlCommand)
set @7DaysEarlierPartitionIntegerId
= @7DaysEarlierPartitionIntegerId + 1
END
I generally like to use CHAR(39) in place of multiple quotes, just to make code more readable
WHILE (@7DaysEarlierPartitionIntegerId <= @CurrentPartitionIntegerId)
BEGIN
Set @7DaysEarlierPartitionId
= CAST(@7DaysEarlierPartitionIntegerId AS char)
set @sqlCommand
= 'Select * from '
+ quotename(@RequestUsage_Partition + @7DaysEarlierPartitionId)
+ 'where UserLogin like ' + CHAR(39) + 'r2rohit.kharade' + CHAR(39)
exec(@sqlCommand)
set @7DaysEarlierPartitionIntegerId
= @7DaysEarlierPartitionIntegerId + 1
END
Bonus thought, just as another, more readable version, you could also QUOTENAME
WHILE (@7DaysEarlierPartitionIntegerId <= @CurrentPartitionIntegerId)
BEGIN
Set @7DaysEarlierPartitionId
= CAST(@7DaysEarlierPartitionIntegerId AS char)
set @sqlCommand
= 'Select * from '
+ quotename(@RequestUsage_Partition + @7DaysEarlierPartitionId)
+ ' where UserLogin like ' + QUOTENAME('r2rohit.kharade', CHAR(39))
exec(@sqlCommand)
set @7DaysEarlierPartitionIntegerId
= @7DaysEarlierPartitionIntegerId + 1
END