u_riaz
asked on
Any OCI API that can escape chars like ' in SQL...
Hi*!
I have implemented a module to use the OCI interface for Oracle in C/C++. Sometimes my SQL statement contains chars like ' and while excecuting I get OCI errors. Now I am planning to sort this problem out. Is there any API in OCI like in prel DBI that takes the SQL string and escapes all escapeable chars. Or do i have to write a function in C/C++ my self to parse the SQL statement correctly.
Thanks in advance,
Regards,
Usman.
I have implemented a module to use the OCI interface for Oracle in C/C++. Sometimes my SQL statement contains chars like ' and while excecuting I get OCI errors. Now I am planning to sort this problem out. Is there any API in OCI like in prel DBI that takes the SQL string and escapes all escapeable chars. Or do i have to write a function in C/C++ my self to parse the SQL statement correctly.
Thanks in advance,
Regards,
Usman.
Normally you have to use two ' characters to represent ' in the SQL. OCI has to accept this way of passing constants.
For eg., if you want select details from DB (with quotes stored) then you need to do :
SQL> insert into emp(empno,ename)
2 values(999,'Riaz''s');
1 row created.
SQL> commit;
Commit complete.
SQL> select empno,ename from emp
2 where ename = 'Riaz''s';
EMPNO ENAME
---------- ----------
999 Riaz's
SQL>
------------
or use bind variables to handle the data
SQL> insert into emp(empno,ename)
2 values(999,'Riaz''s');
1 row created.
SQL> commit;
Commit complete.
SQL> select empno,ename from emp
2 where ename = 'Riaz''s';
EMPNO ENAME
---------- ----------
999 Riaz's
SQL>
------------
or use bind variables to handle the data
ASKER
Thanks for the reply. I know how to escape those characters. What i wanted to know is the API or Function in OCI that I can Call something like
char szSQLStmt[256] = "select something from something where something = 'usman's name';"
And i can call some function to escape it e.g.
SomeOCIFunctionIamLookingF or(szSQLSt mt);
Now this function does the magic and escapes the SQL String.
Thanks,
Usman.
char szSQLStmt[256] = "select something from something where something = 'usman's name';"
And i can call some function to escape it e.g.
SomeOCIFunctionIamLookingF
Now this function does the magic and escapes the SQL String.
Thanks,
Usman.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.