72

Being a self-taught newbie, I created a large problem for myself. Before inserting data in to my database, I've been converting apostrophes (') in a string, to double quotes (""), instead of the required back-slash and apostrophe (\'), which MySQL actually requires.

Before my table grows more than the 200,000 rows it already is, I thought it was best to rectify this issue immediately. So I did some research and found the SQL REPLACE function, which is great, but I'm now confused.

In ASP, I was doing this:

str = Replace(str,"'","""")

If I look at my database in SQL Workbench, the symbol I converted is now a single quote ("), which has confused me a little. I understand why it changed from double to single, but I don't know which one I'm meant to be changing now.

To go through and rectify my problem using SQL REPLACE, do I now convert single quotes (") to back-slash and apostrophes (\') or do I convert double quotes ("") to back-slash and apostrophes (\')?

For example, this:

SQL = " SELECT REPLACE(myColumn,"""","\'") FROM myTable "

or this:

SQL = " SELECT REPLACE(myColumn,""","\'") FROM myTable "

I hope I explained myself well, any suggestions gratefully received as always. Any queries about my question, please comment.

Many thanks

-- UPDATE --

I have tried the following queries but still fail to change the ( " ) in the data:

SELECT REPLACE(caption,'\"','\'') FROM photos WHERE photoID = 3371
SELECT REPLACE(caption,'"','\'') FROM photos WHERE photoID = 3371
SELECT REPLACE(caption,'""','\'') FROM photos WHERE photoID = 3371

Yet if I search:

SELECT COUNT(*) FROM photos WHERE caption LIKE '%"%'

I get 16,150 rows.

-- UPDATE 2 --

Well, I have created a 'workaround'. I managed to convert an entire column pretty quickly writing an ASP script, using this SQL:

SELECT photoID, caption FROM photos WHERE caption LIKE '%""%';

and then in ASP I did:

caption = Replace(caption,"""","\'")

But I would still like to know why I couldn't achieve that with SQL?

Improve this question
4
  • 2
    You really need to read up on using Paramaterized queries. This will keep you from making your application vulnerable to SQL Injection Commented Oct 12, 2011 at 0:42
  • Note that in ASP, using """" renders as a value of a single quote ("), not a double quote (""), because inside of a string, a quote is represented (escaped) by two quotes. Commented Oct 12, 2011 at 0:47
  • That is next on my list to learn John, yes. I've got a regular expression function which checks input values and querystrings for malicious content but I'm sure that isn't that safe... Commented Oct 12, 2011 at 0:50
  • Thanks mellamokb but as I said in my question, I do understand why they changed to single quotes. What I now need to know, is how I reference them in the replace function. Do I replace doubles or singles now? Commented Oct 12, 2011 at 0:52

4 Answers 4

Reset to default
166

Just running the SELECT statement will have no effect on the data. You have to use an UPDATE statement with the REPLACE to make the change occur:

UPDATE photos
   SET caption = REPLACE(caption,'"','\'')

Here is a working sample: http://sqlize.com/7FjtEyeLAh

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks very much!! I get it now, select would print the conversion but update will actually update the DB...
To check without DB change, try before: SELECT * FROM photos WHERE LOCATE('"','\')>0
This should not be the accepted answer anymore... REPLACE function works just fine on MySQL
18

Replace below characters 

~ ! @ # $ % ^ & * ( ) _ +
` - = 
{ } |
[ ] \
: " 
; '

< > ?
, .

with this SQL

SELECT note as note_original, 

    REPLACE(
        REPLACE(
            REPLACE(
                REPLACE(
                    REPLACE(
                        REPLACE(
                            REPLACE(
                                REPLACE(
                                    REPLACE(
                                        REPLACE(
                                            REPLACE(
                                                REPLACE(
                                                    REPLACE(
                                                        REPLACE(
                                                            REPLACE(
                                                                REPLACE(
                                                                    REPLACE(
                                                                        REPLACE(
                                                                            REPLACE(
                                                                                REPLACE(
                                                                                    REPLACE(
                                                                                        REPLACE(
                                                                                            REPLACE(
                                                                                                REPLACE(
                                                                                                    REPLACE(
                                                                                                        REPLACE(
                                                                    REPLACE(
                                                                        REPLACE(
                                                                            REPLACE(
                                                                                REPLACE(
                                                                                    REPLACE(
                                                                                        REPLACE(
                                                                                            REPLACE(note, '\"', ''),
                                                                                        '.', ''),
                                                                                    '?', ''),
                                                                                '`', ''),
                                                                            '<', ''),
                                                                        '=', ''),
                                                                    '{', ''),
                                                                                                        '}', ''),
                                                                                                    '[', ''),
                                                                                                ']', ''),
                                                                                            '|', ''),
                                                                                        '\'', ''),
                                                                                    ':', ''),
                                                                                ';', ''),
                                                                            '~', ''),
                                                                        '!', ''),
                                                                    '@', ''),
                                                                '#', ''),
                                                            '$', ''),
                                                        '%', ''),
                                                    '^', ''),
                                                '&', ''),
                                            '*', ''),
                                        '_', ''),
                                    '+', ''),
                                ',', ''),
                            '/', ''),
                        '(', ''),
                    ')', ''),
                '-', ''),
            '>', ''),
        ' ', '-'),
    '--', '-') as note_changed FROM invheader
Improve this answer

4 Comments

awesome... one should save it :)
⁣⁣⁣(⁣⁣⁣⊙⁣⁣⁣.⁣⁣⁣☉⁣⁣⁣)⁣⁣⁣⁣⁣
OMG you are the best guy in stackoverflow! This answer is amazing, thanks God I read it, now my life it's different and happier
fully amazing guy .
5

maybe I'd go by this.

 SQL = SELECT REPLACE(myColumn, '""', '\'') FROM myTable

I used singlequotes because that's the one that registers string expressions in MySQL, or so I believe.

Hope that helps.

Improve this answer

3 Comments

I ran this on one row, checked the row after and it still had ( " ). I'm editing my question to show you the other variations I tried
does the caption have other values other than the quotes?
Example caption [Brad Pitt is wearing Angelina Jolie"s bikini]
0

If you have "something" and need 'something', use replace(col, "\"", "\'") and viceversa.

Improve this answer

3 Comments

That didn't work, I ran it on one row, checked the row and it still contains ( " )
SUBSTRING(data, 1, LEN(data)) -i'm not sure if it's 1 or 2 in the parameter, but this will cut the first and the last char from a string, so "whatever" or 'whatever', should output as whatever.
No good unfortunately, I have data like [Kate Moss's], [O'Sullivan] and ['whatever']

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.