I have a script where it is now necessary to add, in the current statement, a COMMENT text received from the user as a parameter. Below is an example, but it is failing. Can someone help me with this?

    #!/usr/bin/ksh

    export COMMENTS=${1}
    echo ${COMMENTS}
    echo "========================================="

    sqlplus -s $CONNECT_STRING <<-EOF
    whenever sqlerror exit 2;
    insert into TEST_CACM (COMMENTS) values ('${COMMENTS}');
    commit;
    EOF

When we execute it, it fails because of a special character.

    test.ksh "Let's test this  ##@@"
    Let's test this ##@@
    =========================================
    ERROR:
    ORA-01756: quoted string not properly terminated

Note: The user can put any comment. Whatever comment the user adds should be stored in the table.

  • Does the answer here help? stackoverflow.com/questions/18620893/… Commented Mar 27, 2023 at 21:16
  • Is your problem a single quote inside the user's comment? Commented Mar 27, 2023 at 21:21
  • @markalex, on this example yes, but a user can write anything, right? Commented Mar 27, 2023 at 21:49
  • @EdmCoff, actually no. Thanks! Commented Mar 27, 2023 at 21:54
  • If you fully trust your users' input, use the answer suggested by MT0; if not, create a simple Python script that will allow you to pass parameters to the query (or use any other language supporting parametrized queries). Commented Mar 27, 2023 at 22:12

1 Answer

Either:

  1. Escape the single quote in the string value when you pass it in:

    test.ksh "Let''s test this  ##@@"
    
  2. Use a q-quoted string (and don't pass the closing expression for the q-quoted string as a sub-string of your argument):

    #!/usr/bin/ksh
    
    export COMMENTS=${1}
    echo ${COMMENTS}
    echo "========================================="
    
    sqlplus -s $CONNECT_STRING <<-EOF
    whenever sqlerror exit 2;
    insert into TEST_CACM (COMMENTS) values (q'[${COMMENTS}]');
    commit;
    EOF
    
  3. Or replace all the single quotes with two single quotes:

    #!/usr/bin/ksh 
    
    # Quote "$1" so whitespace and glob characters in the comment are preserved
    export COMMENTS="$(printf '%s\n' "$1" | sed "s/'/''/g")"
    echo "$COMMENTS"
    echo "========================================="
    
    sqlplus -s $CONNECT_STRING <<-EOF
    whenever sqlerror exit 2;
    insert into TEST_CACM (COMMENTS) values ('${COMMENTS}');
    commit;
    EOF
    
  4. Don't use SQL*Plus. Instead write a small application in another language (i.e. Python, Java, C#, etc.) that allows you to use parameterised queries and pass the command-line argument as a bind variable.
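
Option 4 sketched in Python, as an added example that is not part of the original answer: the comment is passed as a bind value next to the question's concatenation pattern. It assumes an in-memory `sqlite3` database as a stand-in for the Oracle connection so it runs offline; the helper names and sample comments are constructed for illustration.

```python
import sqlite3
import sys

# Constructed inputs: the failing comment from the question, one that would
# close the q'[...]' literal of option 2, and one that already contains ''.
SAMPLES = [
    "Let's test this  ##@@",
    "closes the q-quote ]' early",
    "two '' quotes",
]

def insert_concatenated(conn, comment):
    """The question's pattern: the comment is pasted into the SQL text."""
    conn.execute("insert into TEST_CACM (COMMENTS) values ('" + comment + "')")

def insert_bound(conn, comment):
    """Option 4: the SQL text is constant; the comment travels as a bind value.
    sqlite3 accepts the same :name placeholder style that Oracle uses; with an
    Oracle driver the statement would be executed through a cursor instead."""
    conn.execute("insert into TEST_CACM (COMMENTS) values (:comments)",
                 {"comments": comment})

def roundtrip(insert, comment):
    """Insert one comment into a fresh table and return what was stored,
    or None if the database rejected the statement."""
    conn = sqlite3.connect(":memory:")  # assumption: stand-in for Oracle
    conn.execute("create table TEST_CACM (COMMENTS varchar(4000))")
    try:
        insert(conn, comment)
    except sqlite3.Error:
        return None
    return conn.execute("select COMMENTS from TEST_CACM").fetchone()[0]

if __name__ == "__main__":
    # Like test.ksh, take the comment from the first argument if given.
    for text in (sys.argv[1:2] or SAMPLES):
        print(repr(text))
        print("  concatenated ->", repr(roundtrip(insert_concatenated, text)))
        print("  bound        ->", repr(roundtrip(insert_bound, text)))
```

With concatenation the first two samples are rejected and the third is stored with one quote missing; with the bind value every sample is stored exactly as typed.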
