2

I have two databases. One has apostrophe in names like O'Bannon and one does not. I need to merge them and find the duplicates. Since it's harder to add the apostrophes I'm tring to remove them instead

But this...

UPDATE Client
SET Last_Name = REPLACE(''','')

Clearly won't work. How does one escape the '.

I'm using Xojo (not PHP)

Conrad Frix
  • 51,984
  • 12
  • 96
  • 155
JVMX
  • 1,016
  • 2
  • 12
  • 23

5 Answers5

5

Like you say, you'll want to escape quote characters.

See this documentation on string literals:

There are several ways to include quote characters within a string:

A “'” inside a string quoted with “'” may be written as “''”.

A “"” inside a string quoted with “"” may be written as “""”.

Precede the quote character by an escape character (“\”).

A “'” inside a string quoted with “"” needs no special treatment and need not be doubled or escaped. In the same way, “"” inside a string quoted with “'” needs no special treatment.

Depending on how you're dealing with the SQL, though, you may need to do more than that. If the application is escaping the quote character, and passing that to a stored procedure call, you may run into the same issue if you are not using parameter binding with prepared statements. This is due to MySQL removing the escape character upon processing the inputs of the SP. Then the unsantized character makes its way to the query construction and the problem repeats itself if it should be escaped there. In this case, you'll want to switch to parameter binding, so that the escaping and query construction is out of your hands.

Erin Schoonover
  • 530
  • 2
  • 13
  • For more information about SQL injection, see [this great answer by Bill Karwin](http://stackoverflow.com/a/306818/2272443), and [this slideshow he put together](http://www.slideshare.net/billkarwin/sql-injection-myths-and-fallacies). – Erin Schoonover May 21 '13 at 18:51
4

Here we go:

UPDATE Client SET Last_Name = REPLACE(Last_Name, '\'', '');

You just need to escape apostrophe will backslash .

Sumoanand
  • 8,835
  • 2
  • 47
  • 46
3

Simply add an escape character(\) in front of the quote:

SET Last_Name = REPLACE('\'','')

Still I don't think this is the right way to go as you will lose the information for the original name of the person and so o'reily and oreily will seem to be the same surname to you.

Ivaylo Strandjev
  • 69,226
  • 18
  • 123
  • 176
1

From 9.1.1 String Literals

Table 9.1. Special Character Escape Sequences

Escape Sequence Character Represented by Sequence
\0  An ASCII NUL (0x00) character.
\'  A single quote (“'”) character.
\"  A double quote (“"”) character.
\b  A backspace character.
\n  A newline (linefeed) character.
\r  A carriage return character.
\t  A tab character.
\Z  ASCII 26 (Control+Z). See note following the table.
\\  A backslash (“\”) character.
\%  A “%” character. See note following the table.
\_  A “_” character. See note following the table.

Of course if ANSI_MODE is not enabled you could use double quotes

Conrad Frix
  • 51,984
  • 12
  • 96
  • 155
  • I have two databases that I had nothing to do with the creation of. One has the apostrophe one does not. I need to merge them and find the duplicates. If you could write me some code that puts them in where they are missing I would gladly take all the 'don't change the name' comments to heart.... – JVMX May 20 '13 at 16:44
0

If in case you are just looking to select, i.e., to match a field with data containing apostrophe. 

SELECT PhraseId FROM Phrase WHERE Text =  REPLACE("don't", "\'", "''")
Thiru
  • 1,380
  • 13
  • 21