51

UPDATE: the bio may contain apostrophes (see updated example)

I have an SQL query that has a value which spans multiple lines and it causes the query to fail:

UPDATE User SET UserId=12345, Name="J Doe", Location="USA", Bio="I'm a
bio that has an apostrophe, and I'm 
spanning multiple lines!" 
WHERE UserId=12345

In C# you can put an @ before the string Bio=@"..." in order to allow it to span multiple lines, but I'm not sure how the same thing can be achieved with SQL queries. How do you get a string to span multiple lines without having to do things like manually concatenating the strings: 

Bio="I'm a"
+" bio that has an apostrophe, and I'm"
+" spanning multiple lines!"
Kiril
  • 39,672
  • 31
  • 167
  • 226
  • What Database Server are you using? – John Hartsock Nov 16 '11 at 03:41
  • @JohnHartsock SQLite (also re-tagged) – Kiril Nov 16 '11 at 03:42
  • Are there actual new line characters in there? Have you tried doing your query that matches against "my bio\n spans\n multiple\n lines!" Or is the query string so long this would be out of the question? – ZacAttack Nov 16 '11 at 03:47
  • ZacAttack, I'm not trying to match anything against the bio (yet), I just want to update a record with a bio which may contain multiple lines. – Kiril Nov 16 '11 at 04:03

4 Answers4

76

SQL Server allows the following (be careful to use single quotes instead of double)

UPDATE User
SET UserId = 12345
   , Name = 'J Doe'
   , Location = 'USA'
   , Bio='my bio
spans 
multiple
lines!'
WHERE UserId = 12345
Adam Wenger
  • 17,100
  • 6
  • 52
  • 63
  • Please note that the bio may contain single quotes (apostrophe), such as: "I'm a bio with an apostrophe, so I can't be wrapped in single quotes" – Kiril Nov 16 '11 at 03:58
  • 2
    `'Unless you\'re escaping your quotes or parameterizing your query'` Also, what if my bio ends with my favorite quote like `"hi this is my bio And this is my favorite quote "The most beautiful thing we can experience is the mysterious" -Albert Einstein"` – Code Magician Nov 16 '11 at 04:03
  • double quotes in Bio work fine when here, and M_M comment about escaping or parameterizing your input is accurate, and a good way to deal with single quotes in your Bio – Adam Wenger Nov 16 '11 at 04:10
  • I'll use the escape sequence... that would work perfectly for my purposes. – Kiril Nov 16 '11 at 04:19
  • How come this works but the query in the original question doesn't? Is it because this one uses single quotes instead of double quotes, or something else? – Tanner Swett Apr 14 '15 at 14:56
  • 1
    @TannerSwett Yes, SQL Server works with single quotes and not double-quotes. – Adam Wenger Apr 14 '15 at 15:10
  • Can't add a SQL comment in the middle of this string, it is interpreted as part of the string. – Nate Anderson Sep 02 '15 at 22:45
3

What's the column "BIO" datatype? What database server (sql/oracle/mysql)? You should be able to span over multiple lines all you want as long as you adhere to the character limit in the column's datatype (ie: varchar(200) ). Try using single quotes, that might make a difference. This works for me:

update table set mycolumn = 'hello world,
my name is carlos.
goodbye.'
where id = 1;

Also, you might want to put in checks for single quotes if you are concatinating the sql string together in C#. If the variable contains single quotes that could escape the code out of the sql statement, therefore, not doing all the lines you were expecting to see.

BTW, you can delimit your SQL statements with a semi colon like you do in C#, just as FYI.

Losbear
  • 3,255
  • 1
  • 32
  • 28
  • The bio data type is `VARCHAR`, also note that the bio may contain single quotes, such as: "I'm a bio with an apostrophe, so I can't be wrapped in single quotes" – Kiril Nov 16 '11 at 03:58
-1

with your VARCHAR, you may also need to specify the length, or its usually good to

What about grabbing the text, making a sting of it, then putting it into the query witrh

String TableName = "ComplicatedTableNameHere";  
EditText editText1 = (EditText) findViewById(R.id.EditTextIDhere); 
String editTextString1 = editText1.getText().toString();

BROKEN DOWN

String TableName = "ComplicatedTableNameHere";            
    //sets the table name as a string so you can refer to TableName instead of writing out your table name everytime

EditText editText1 = (EditText) findViewById(R.id.EditTextIDhere); 
    //gets the text from your edit text fieldfield 
    //editText1 = your edit text name
    //EditTextIDhere = the id of your text field

String editTextString1 = editText1.getText().toString();  
    //sets the edit text as a string
    //editText1 is the name of the Edit text from the (EditText) we defined above
    //editTextString1 = the string name you will refer to in future

then use

       /* Insert data to a Table*/
       myDB.execSQL("INSERT INTO "
         + TableName
         + " (Column_Name, Column_Name2, Column_Name3, Column_Name4)"
         + " VALUES ( "+EditTextString1+", 'Column_Value2','Column_Value3','Column_Value4');");

Hope this helps some what...

NOTE each string is within 

'"+stringname+"'

its the 'and' that enable the multi line element of the srting, without it you just get the first line, not even sure if you get the whole line, it may just be the first word

Henry Aspden
  • 1,863
  • 3
  • 23
  • 45
-4

I prefer to use the @ symbol so I see the query exactly as I can copy and paste into a query file:

string name = "Joe";
string gender = "M";
string query = String.Format(@"
SELECT
   *
FROM
   tableA
WHERE
   Name = '{0}' AND
   Gender = '{1}'", name, gender);

It's really great with long complex queries. Nice thing is it keeps tabs and line feeds so pasting into a query browser retains the nice formatting

JJ_Coder4Hire
  • 4,706
  • 1
  • 37
  • 25