Jump to content

Need an advice of using quotes in SQLite request

Vitaliy4us
 Share

Recommended Posts

Vitaliy4us Wayfarer

Vitaliy4us

Posted
Posted

I know that the question is old but I still do not have any 100% working approach of using quotes in SQLite requests. In most cases the problem is solved in this way:

- if there are double quotes inside the request, the the request itself should be surrounded with the single quotes and vice verse

But often you can't know in advance what kind of quotes will be inside your request, or which is even more common, the request will contain the both types of quotes. What is the general approach in this case? For example, the request: 

Local $request = "INSERT INTO tests (testId, testSummary, stepId, testStep, testData, testResult) VALUES (" & _
                    "'" & $testId & "'," & "'" & $testSummary & "', " & "'" & $stepId & "', " & "'" & $testStep & _
                    "', " & "'" & $testData & "', " & "'" & $testResult & "');"

can contain different types of quotes in any field. So how it should be composed to be correct in any case?

Link to comment
Share on other sites
genius257 Universalist

genius257

Posted
Posted

Hi @Vitaliy4us.

I would looking into binding variables to prepared statements.

to read more about variable binding, see: https://www.sqlite.org/c3ref/bind_blob.html

like this.png

My highlighted topics: AutoIt Package Manager, AutoItObject Pure AutoIt, AutoIt extension for Visual Studio Code

Github: AutoIt HTTP Server, AutoIt HTML Parser

Link to comment
Share on other sites
Vitaliy4us Wayfarer

Vitaliy4us

Posted
  • Author
Posted (edited)
43 minutes ago, Vitaliy4us said:

I know that the question is old but I still do not have any 100% working approach of using quotes in SQLite requests. In most cases the problem is solved in this way:

- if there are double quotes inside the request, the the request itself should be surrounded with the single quotes and vice verse

But often you can't know in advance what kind of quotes will be inside your request, or which is even more common, the request will contain the both types of quotes. What is the general approach in this case? For example, the request: 

Local $request = "INSERT INTO tests (testId, testSummary, stepId, testStep, testData, testResult) VALUES (" & _
                    "'" & $testId & "'," & "'" & $testSummary & "', " & "'" & $stepId & "', " & "'" & $testStep & _
                    "', " & "'" & $testData & "', " & "'" & $testResult & "');"

can contain different types of quotes in any field. So how it should be composed to be correct in any case?

To be honest this is so complicated that it is much easier to convert the string with regular expression which can substitute the quotes to make them of one type. Is this the only way to solve the problem?

Edited by Vitaliy4us
Link to comment
Share on other sites
genius257 Universalist

genius257

Posted
Posted (edited)

Hmmm without binding a regex seems to be the best...

https://stackoverflow.com/questions/603572/escape-single-quote-character-for-use-in-an-sqlite-query

In this thread on stackoverflow they seem to do this. So i would suggest this StringRegExpReplace: 

$input = "St. Mary's and St. John's"

$input = StringRegExpReplace($input, "'", "''")

Just tested the following sql: 

SELECT 'this''s'

and the result is as exspected: 

this's

 

Edited by genius257

like this.png

My highlighted topics: AutoIt Package Manager, AutoItObject Pure AutoIt, AutoIt extension for Visual Studio Code

Github: AutoIt HTTP Server, AutoIt HTML Parser

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...