Quotes in query SQLite...

FrancescoDiMuro · January 27, 2017

Hi guys! How are you? Hope you're fine
I'm trying to insert a text that contains quotes in a SQLite database, and I don't know how to do.
I tried with:

Local $sString = "1P6AV2104'0HA04'0AA0"
StringReplace($sString, "'", "''")

but I didn't managed to, obtaining this error:

--> Error:    unrecognized token: "0HA04"

How can I manage to solve this problem? Thanks

jchd · January 27, 2017

Post the code.

FrancescoDiMuro · January 28, 2017

23 hours ago, jchd said:

Post the code.

_SQLite_Exec($hDatabase, "CREATE TABLE Magazzino_Siemens (ID, MARCA, QUANTITA, SCAFFALE, DESCRIZIONE, COSTO, NOTE, INFO, BARCODE, DATA_INSERIMENTO, DATA_PRELIEVO, DATA_MODIFICA);")
    $oWorkbook.Sheets("Magazzino Siemens").Activate
    Local $aRisultatoSiemens = _Excel_RangeRead($oWorkbook, Default, $oWorkbook.ActiveSheet.Usedrange.Columns("A:L"), 1, True)
    If(@error) Then
        MsgBox($MB_ICONERROR, "Errore!", "Errore: " & @error)
    EndIf
    For $i = UBound($aRisultatoSiemens) - 1 To 4 Step -1
        If($aRisultatoSiemens[$i][4] = "") Then _ArrayDelete($aRisultatoSiemens, $i)
    Next
    For $i = 3 To UBound($aRisultatoSiemens) - 1
        _SQLite_Exec($hDatabase, "INSERT INTO Magazzino_Siemens (ID, MARCA, QUANTITA, SCAFFALE, DESCRIZIONE, COSTO, NOTE, INFO, BARCODE, DATA_INSERIMENTO, DATA_PRELIEVO, DATA_MODIFICA) " & _
                                       "VALUES (" & _
                                        "'" & $aRisultatoSiemens[$i][0] & "'" & "," & "'" & $aRisultatoSiemens[$i][1] & "'" & "," & "'" & $aRisultatoSiemens[$i][2] & "'" & "," & _
                                        "'" & $aRisultatoSiemens[$i][3] & "'" & "," & "'" & $aRisultatoSiemens[$i][4] & "'" & "," & "'" & $aRisultatoSiemens[$i][5] & "'" & "," & _
                                        "'" & $aRisultatoSiemens[$i][6] & "'" & "," & "'" & $aRisultatoSiemens[$i][7] & "'" & "," & "'" & $aRisultatoSiemens[$i][8] & "'" & "," & _
                                        "'" & $aRisultatoSiemens[$i][9] & "'" & "," & "'" & $aRisultatoSiemens[$i][10] & "'" & "," & "'" & StringReplace($aRisultatoSiemens[$i][11], "'", "''") & "'" & ");")
    Next

Thank you

jchd · January 29, 2017

You really should specify datatypes in the create table statement, else you may have issues.

The function _SQLite_FastEscape() deals with single quote(s) in text fields.

Don't wrap numeric fields inside single quotes.

Use a transaction to group your inserts.

FrancescoDiMuro · January 29, 2017

@jchd

Could you please post an example of what you said? Thanks and have a good day

EDIT:

I would like to understand your phrase too:

"Use a transaction to group your inserts."

I am writing from my smartphone, so, sorry If I didn't quote you in right way Thanks

Edited January 29, 2017 by FrancescoDiMuro

jchd · January 30, 2017

_SQLite_Exec($hDatabase, _
    "CREATE TABLE Magazzino_Siemens (" & _  ; here Siemens is data put in schema name; will make your life much harder
        "ID integer primary key, " & _      ; wild guess it's an integer id
        "MARCA text, " & _
        "QUANTITA numeric, " & _            ; can it be float? if not, use INT instead
        "SCAFFALE text, " & _       
        "DESCRIZIONE text, " & _
        "COSTO numeric, " & _               ; prefer prices as integers (scale accordingly)
        "NOTE text, " & _
        "INFO text, " & _
        "BARCODE text, " & _
        "DATA_INSERIMENTO text, " & _       ; beware that Excel dates are "special"
        "DATA_PRELIEVO text, " & _          ; convert them to UTC ISO (yyyy-mm-dd)
        "DATA_MODIFICA text" & _
    ");" _
)
$oWorkbook.Sheets("Magazzino Siemens").Activate
Local $aRisultatoSiemens = _Excel_RangeRead($oWorkbook, Default, $oWorkbook.ActiveSheet.Usedrange.Columns("A:L"), 1, True)
If (@error) Then
    MsgBox($MB_ICONERROR, "Errore!", "Errore: " & @error)
Else
    For $i = UBound($aRisultatoSiemens) - 1 To 4 Step -1
        If($aRisultatoSiemens[$i][4] = "") Then _ArrayDelete($aRisultatoSiemens, $i)
    Next
    _SQLite_Exec($hDatabase, "begin")
    For $i = 3 To UBound($aRisultatoSiemens) - 1
        _SQLite_Exec($hDatabase, _
            "INSERT INTO Magazzino_Siemens (" & _
                "ID, " & _
                "MARCA, " & _
                "QUANTITA, " & _
                "SCAFFALE, " & _
                "DESCRIZIONE, " & _
                "COSTO, " & _
                "NOTE, " & _
                "INFO, " & _
                "BARCODE, " & _
                "DATA_INSERIMENTO, " & _
                "DATA_PRELIEVO, " & _
                "DATA_MODIFICA" & _
            ") VALUES (" & _
                $aRisultatoSiemens[$i][0] & "," & _                         ; ID
                _SQLite_FastEscape($aRisultatoSiemens[$i][1]) & "," & _     ; MARCA
                $aRisultatoSiemens[$i][2] & "," & _                         ; QUANTITA
                _SQLite_FastEscape($aRisultatoSiemens[$i][3]) & "," & _     ; SCAFFALE
                _SQLite_FastEscape($aRisultatoSiemens[$i][4]) & "," & _     ; DESCRIZIONE
                $aRisultatoSiemens[$i][5] & "," & _                         ; COSTO
                _SQLite_FastEscape($aRisultatoSiemens[$i][6]) & "," & _     ; NOTE
                _SQLite_FastEscape($aRisultatoSiemens[$i][7]) & "," & _     ; INFO
                _SQLite_FastEscape($aRisultatoSiemens[$i][8]) & "," & _     ; BARCODE               | those last 4 fields are unlikely
                _SQLite_FastEscape($aRisultatoSiemens[$i][9]) & "," & _     ; DATA_INSERIMENTO      | to contain single quotes
                _SQLite_FastEscape($aRisultatoSiemens[$i][10]) & "," & _    ; DATA_PRELIEVO         | but this is bulletproof
                _SQLite_FastEscape($aRisultatoSiemens[$i][11]) & _          ; DATA_MODIFICA         | convert dates before!!!
            ");" _
        )
    Next
    _SQLite_Exec($hDatabase, "commit")
EndIf

FrancescoDiMuro · January 30, 2017

@jchd
Hey! It works Thanks
ID it's not numeric, so I processed it as text...
COSTO would be real, but when I do the "INSERT", an error appears in corrispondence of the field "COSTO"... So I am trrating it as text...
Just to know... Even when I do some UPDATE I have to do proceed with "_SQLite_FastEscape()" function? A big thank you

EDIT:

Costo is effectively REAL, because it's like € xx,xx...
So, I would declare it as REAL and don't do pass it to the _SQLite_FastEscape() function, am I right?
If you could me explain these things, I'd be very happy and, if you need some example of what I'm meaning, just ask

Again thanks

Edited January 30, 2017 by FrancescoDiMuro

jchd · January 30, 2017

1 hour ago, FrancescoDiMuro said:

Costo is effectively REAL, because it's like € xx,xx...

A real for a computer is of the form 9999.9999 with no € sign and a dot as decimal point, not a comma. You can reformat the cost value so that is fits what is expected for a real. Integers and reals don't need escaping, clrealy, since they can't contain single quotes.

Update needs escaping text like insert and for the very same reason.

Anyway you may still want to reconsider your table design to avoid maintaining separate tables for different manufacturers/suppliers (if those tables have the same fields). IIRC you mentionned Siemens and Rockwell or something. Do those tables have the same structure?

Edited January 30, 2017 by jchd

FrancescoDiMuro · January 31, 2017

14 hours ago, jchd said:

A real for a computer is of the form 9999.9999 with no € sign and a dot as decimal point, not a comma. You can reformat the cost value so that is fits what is expected for a real. Integers and reals don't need escaping, clrealy, since they can't contain single quotes.

Update needs escaping text like insert and for the very same reason.

Anyway you may still want to reconsider your table design to avoid maintaining separate tables for different manufacturers/suppliers (if those tables have the same fields). IIRC you mentionned Siemens and Rockwell or something. Do those tables have the same structure?

Good morning @jchd
For the first question, I should replace the € with "", and, " , " with "."... Then, I could proceed with the "REAL" format for the field COSTO.
Fot the second question, I answer "Yes, all 4 tables ( are 4, not 2 as I, maybe, didn't explain in the right way ), have the same format... But, I preferred to keep them separate because, If I have to make a query, the SQLite has not to query a big table, but just the needed one. If I'm making some mistakes ( as I did, because I studied SQL few years ago ), please tell me
Now I'm making changes about the INSERT and the UPDATE. Only these 2 "operations" would have the _SQLite_FastEscape() function, am I right?
Thanks for your time I rellay appreciate it
Have a wonderful day!
Francesco

jchd · January 31, 2017

For the costo field: also remove whitespaces.

Querying one "big" table is almost always preferable to have several identical tables. There are some reasons for that:

First, SQLite (and RDBMS in general) are very efficient at manipulating huge amounts of data. SQLite routinely manages multi-terabytes tables with billions rows, provided correct design of the schema.
Second, you don't have to write and manage separate code to access TableA, TableB, TableC, ... Add a discriminating column (e.g. "Brand") where you put 'Siemens', 'Rockwell', ...(*) and use a WHERE clause to specify which brand you're interessed in.
Third, it's better for efficiency of the caches.

(*) Better yet: set the column "Brand" to refer to a Brands table, using a foreign key.

You need to escape any text literal which may contain one or more single quote. This includes statements like:

select colA, colB, colC from mytable where colA like _SQLiteFastEscape($sometext) ...

FrancescoDiMuro · January 31, 2017

Hey @jchd!
You are a very nice person
No one here helped me so much, and, since you starded doing that, I'm learning a lot of things...
Now, I should change my code ( 1783 rows :frantics: ) about what you were saying...
I know I can do it
Quick question... I don't remember how FK works...
Could you explain me something about it or give to me ( I am not lazy looking for foreign key on Google, but maybe you have a more direct explanation that I could understand better than something on Google ) a reference
Thanks

EDIT:

By the way, I don't know if I'll do this new table, because I can't manage one brand with barcodes...
If I add a new product, I do it by barcode... So, If the last brand has not a barcode, and atm, I can't generate it, I can't do what you suggested ( would be AMAZING! )... Do you have any idea? Or, for now, I could manage the db as I am doing, without creating a new table with all brands? Thanks

Edited January 31, 2017 by FrancescoDiMuro

jchd · January 31, 2017

A foreign key in SQL is a reference (via a unique identifier, often an integer) from a child table to a parent table. Foreign keys are widely used to avoid duplication of data (like in your case, to avoid repeating for every Siemens item that its brand is 'Siemens') and also to link together entities in different semantic spaces.

Duplicating data is problematic: not only that eats up storage and cache space pointlessly but also because it's a window wide open to DB inconsistancies. For instance, it too easy to misspell/mistype 'Siemens' as 'Seimens'.

Now imagine you have a stock of items (you seem to have that) which you sell. Let's skip a number of details. At some point you're going to have to process orders and produce detailled invoices. At this point, what do you think is more robust, more efficient and more compact?

Create invoices containing the full data of the client, the delivery point and all the items sold stated in full,
OR
Create invoices containing references to the client, the delivery point and sold items.

Obviously, the second paradigm is better. You achieve that by using, in the invoices table, foreign keys (= FK = reference) to the client entry in the client table, also FK to the delivery point in the corresponding table and also FK to item in the stock table for each sold item in the invoice.

For a complete documentation about FK under SQLite, turn to https://www.sqlite.org/foreignkeys.html

FrancescoDiMuro · January 31, 2017

Thanks for your explanation, @jchd.
But, how would I apply your example to my script? Should I create a table "Brand", and then?
Thanks for your help

jchd · February 1, 2017

Most probably yes. DB design obeys both rules ("normalizations", to apply reasonnably) and some white magic. Context & requirements & experience & common sense are the guides.

Skysnake · February 1, 2017

Hi @FrancescoDiMuro, there are several good publications on SQL. I suggest you look for titles like

SQL Cookbook
Query Solutions and Techniques for Database Developers
By Anthony Molinaro

Using SQLite by Jay A. Kreibic published by O'Reilly

Skysnake

Quotes in query SQLite...

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Similar Content