0

I want to retrieve a record where the value contains single quote and double quote.

Tried The following:

select * from Table1 where id = '' . ~";:><?/\!@#$%^*()_+|/ \?' ; `

Dipankar Nalui
  • 1,121
  • 5
  • 18
  • 33
  • Where's the problem? If you escape the quotes through backslashes, it should work – Nico Haase Dec 07 '17 at 08:29
  • 1
    Possible duplicate of [How to escape apostrophe (') in MySql?](https://stackoverflow.com/questions/9596652/how-to-escape-apostrophe-in-mysql) – Nico Haase Dec 07 '17 at 08:29
  • This [question](https://stackoverflow.com/questions/1086918/what-characters-have-to-be-escaped-to-prevent-mysql-injections) resolves it – JTejedor Dec 07 '17 at 08:29

2 Answers2

3

Use LIKE in WHERE clause to check whether it contains single quotes(') and double quotes(").

Query

select * from `your_table_name`
where `id` like '%''%'
or `id` like '%"%';

Find a demo here

Ullas
  • 11,450
  • 4
  • 33
  • 50
  • Additional info: ANSI SQL has single quotes for strings, e.g. `'winter'`. To include a single quote, delimit it with another single quote, e.g. `'winter''s tale'`. Double quotes need no special treatment, simple include them as `'12" vinyl'`. – jarlh Dec 07 '17 at 08:48
  • `like` gives me many records. But here field `id` is primary key. it should give me a single record as output. where id = ' . ~";:>/\!@#$%^*()_+|/ \`? – Dipankar Nalui Dec 07 '17 at 08:52
1

select * from table1 where name like "%'%" OR name like '%"%';

Jagadish
  • 19
  • 6
  • `like` gives me many records. But here field `id` is primary key. it should give me a single record as output. where id = ' . ~";:>/\!@#$%^*()_+|/ \`? – Dipankar Nalui Dec 07 '17 at 08:53
  • I think you can use [REGEXP](https://dev.mysql.com/doc/refman/5.7/en/regexp.html#operator_regexp) instead of LIKE – Jagadish Dec 07 '17 at 09:00