Click here to Skip to main content
15,907,687 members
Search within:


How do I solve this mysql query?
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
MySQL
I have a search engine in my system. When I search using special characters such as @-_.&#() It is working find and I'm getting the result but when I use single quote special character (') I'm not getting the result but there's data in my DB using single quote.

What I have tried:

SQL
SELECT * FROM(SELECT p.PROJECT_ID, p.PROJECT_NAME, p.PHASE, p.STATUS, d.LOGIN_ID AS CREATED_BY,  p.LAST_UPDATED_DATE 
FROM report.GEN_PROJECT p, report.GEN_USER_LOGIN d
WHERE  d.USER_ID = p.CREATED_BY) A 
WHERE  PROJECT_NAME
LIKE '%grammar's%'  ORDER BY PROJECT_NAME  LIMIT 10 OFFSET 0;
Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's %' ORDER BY PROJECT_NAME
Posted
Updated 13-Feb-20 17:47pm
v4
Add a Solution

4 solutions

Since a single quote is delimiter in sql string, you can't use it inside a string, you need to escape it.
SQL
LIKE '%grammar''s%' ORDER BY PROJECT_NAME LIMIT 10 OFFSET 0;
 
Share this answer
 
Posted
Comments
Member 12016106 4-Feb-20 22:18pm    
Here I'm trying to get the PROJECT NAME from bean:

if(bean.getSearchBean()!=null&&StringUtils.isNotBlank(bean.getSearchBean().getProjectName())) {
conditionSQL = conditionSQL + (StringUtils.isNotBlank(conditionSQL)?" AND ":"") + " PROJECT_NAME LIKE '%"+bean.getSearchBean().getProjectName()+"%'";
}

So,how should I escape it here. Sorry I'm in a learning process. I really appreciate your help.
Patrice T 5-Feb-20 3:55am    
Use Improve question to update your question.
So that everyone can pay attention to this information.
Member 12016106 13-Feb-20 23:48pm    
Problem solved.. Thank you
Patrice T 14-Feb-20 4:28am    
You're welcome.
By the way, you can accept useful solutions, it will close the question.
As Patrice stated, the problem is that the single quote special character is used for letting SQL know that you are dealing with specific types of values, such as text or dates.

If you use an IDE designed for SQL statements, you will notice that Intellisense will change colors when you use the single quotes as well as reserved/special words.
This is even apparent when you place code in this forum; if you notice that your original question has had the SQL changed from bold to code-sql the styles show that where the problem is.
 
Share this answer
 
Posted
To add the the previous solutions, it looks like the data used in the condition is coming from the user interface.

If that is the case, you should use parameters. One thing is that this way you avoid risk of SQL injection but also this takes away the need to escape the special characters.

For an example, have a look at MySqlCommand.Parameters Property[^]
 
Share this answer
 
Posted
escape single quote by using \'
 
Share this answer
 
Posted
Updated 13-Feb-20 17:49pm
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
How best to position PHP mysql query to run multiple query in single execution.
How do I solve this problem.
How do I solve this mysql database problem of java project?
I need a help for solving SQL query
solve mysql query problem
How do I solve this using PHP, mysql.
How do I retrive data from multiple mysql queries in the same statement and render the results on the front ened
How do I solve the following error?
How do I solve my error in
How can I do update and insert query into different tables in one command?

Advertise
Privacy
Cookies
Terms of Use
Last Updated 13 Feb 2020
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-05-28:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900