5

I tried use a string variable in R script to use through SQL statement for example:

x="PASS"

SQL<- paste("select ID, NAME, STATUS from STUDENT where STATUS =(",x,")",sep="")
Q1 <- dbGetQuery(con, SQL)

The ERROR says:

Error in mysqlExecStatement(conn, statement, ...) :
RS-DBI driver: (could not run statement: Unknown column 'PASS' in 'where clause')

That means STATUS =(",x,")" = PASS and it must 'PASS' with add quote ''

I tried to put the '' but no success as the following.

SQL <- paste("select ID, NAME, STATUS from STUDENT where STATUS ='(",x,")' ",sep="")
Q1 <- dbGetQuery(con, SQL)

I tested it with number and it is work well but when I use string it is not working, because the value must be in quotes ' '.

Improve this question

4 Answers 4

Reset to default
8

Use sprintf instead:

x <- "PASS"
sprintf("select ID, NAME, STATUS from STUDENT where STATUS = '%s'", x)

## [1] "select ID, NAME, STATUS from STUDENT where STATUS = 'PASS'"
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks dickoa I tried with sprintf and it is not work, in my case I use other variables type which contain integer. The update of my case is: x="PASS" Y=1100 SQL<- paste("select ID, C_ID, NAME, STATUS from STUDENT where C_ID=(",Y,")", and STATUS =(",x,")",sep="") the previous case can deal Y but can not work with x Please could help and thanks in advance
5

Try this:

library(gsubfn)
x <- "PASS"

fn$dbGetQuery(con, "select ID, NAME, STATUS from STUDENT where STATUS = '$x' ")

This also works:

s <- fn$identity("select ID, NAME, STATUS from STUDENT where STATUS = '$x' ")
dbGetQuery(con, s)
Improve this answer

1 Comment

Thanks G. Grothendieck, I tried it and it is work well with diffrent type of Variable.. and I would also to thanks all who reply..
2

EDIT for windows

Try 

x = "PASS"

SQL<- paste0("select ID, NAME, STATUS from STUDENT where STATUS = ", shQuote(x, 'sh'))
Q1 <- dbGetQuery(con, SQL)

More generally shQuote is useful for constructed things like:

paste0("SELECT * FROM urtable where urvar IN(", paste0(shQuote(LETTERS, 'sh'), collapse = ','), ")")
[1] "SELECT * FROM urtable where urvar IN('A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z')"

 #

If you have simple character strings. For more complicated character strings other approaches maybe necessary. For example in PoSTgreSQL you can use Dollar-Quoted String Constants to escape characters.

You dont mention what variant of SQL you are using or associated R package. Some R packages may have helper functions like postgresqlEscapeStrings in RPostgreSQL or dbEscapeStrings in RMySQL.

Improve this answer

2 Comments

You can keep the brackets or remove them.
This seems like a misuse of shQuote, which is meant for quoting strings for the OS shell. There's no guarantee that the same quotes are what a database would expect.
0

Use glue_sql() from glue package.

x = "PASS"

glue_sql("select ID, NAME, STATUS from STUDENT where STATUS = {x}", .con = con)

see more examples here: https://glue.tidyverse.org/#glue_sql-makes-constructing-sql-statements-safe-and-easy

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.